Vulnerability Index: Year 2012

Windows Kernel SafeSEH Bypass Vulnerability RDP Memory Processing Vulnerability MIDI Remote Code Execution Vulnerability in Windows Media Player DirectShow Remote Code Execution Vulnerability CSRSS Elevation of Privilege Vulnerability DNS Denial of Service Vulnerability in Microsoft Windows Server 2003 and Server 2008 AntiXSS Library Bypass Vulnerability Visual Studio Add-In Untrusted Search Path Vulnerability Object Packager Insecure Executable Launching Vulnerability Copy and Paste Information Disclosure Vulnerability in Microsoft Internet Explorer 6-9 HTML Layout Remote Code Execution Vulnerability Null Byte Information Disclosure Vulnerability in Microsoft Internet Explorer 9 Assembly Execution Vulnerability in Windows Packager Configuration .NET Framework Unmanaged Objects Vulnerability .NET Framework Heap Corruption Vulnerability Expression Design Insecure Library Loading Vulnerability XSS in inplview.aspx Vulnerability in Microsoft SharePoint Foundation 2010 VSD File Format Memory Corruption Vulnerability in Microsoft Visio Viewer 2010 Gold and SP1 VSD File Format Memory Corruption Vulnerability in Microsoft Visio Viewer 2010 Gold and SP1 VSD File Format Memory Corruption Vulnerability in Microsoft Visio Viewer 2010 Gold and SP1 Apache HTTP Server Denial of Service Vulnerability Apache Tomcat Denial of Service Vulnerability Double Free Vulnerability in VLC Media Player Allows Remote Code Execution via Crafted TiVo File Denial of Service Vulnerability in MaraDNS Double Free Vulnerability in libfpx Allows Remote Denial of Service Denial of Service Vulnerability in OpenSSL's GOST ENGINE Futex Implementation Vulnerability in Linux Kernel Heap-based Buffer Overflow in e1000 Emulation in QEMU-KVM 0.12 OpenStack API Tenant Access Bypass Vulnerability Apache HTTP Server 2.2.21 and Earlier Scoreboard Local Denial of Service Vulnerability Insecure Permissions in Red Hat JBoss Operations Network (JON) Installation Denial of Service Vulnerability in ZNC's CBounceDCCMod::OnPrivCTCP Function Cleartext Logging of Credentials in JBoss Enterprise Application Platform (EAP) and BRMS Platform Untrusted Search Path Vulnerability in EDE in CEDET CRLF Injection Vulnerability in curl and libcurl XML External Entity (XXE) vulnerability in Redland Raptor library before 2.0.7 Integer Overflow in xfs_acl_from_disk Function in Linux Kernel Denial of Service Vulnerability in GLib 2.31.8 and Earlier Arbitrary Web Script Injection in SimpleSAMLphp 1.8.1 and Earlier Versions Denial of Service Vulnerability in Wireshark's dissect_packet Function Denial of Service Vulnerability in Wireshark 1.4.x and 1.6.x Buffer Overflow in RLC Dissector in Wireshark 1.4.x and 1.6.x Integer Overflow in drm_mode_dirtyfb_ioctl Function in Linux Kernel Denial of Service Vulnerability in KVM Emulation of syscall Instruction MediaWiki Deleted Text Exposure Vulnerability Apache Wicket 1.4.x XSS Vulnerability via wicket:pageMapName Parameter OpenTTD Denial of Service Vulnerability OpenTTD Denial of Service Vulnerability: Slow Read Attack OpenSSL DTLS Denial of Service Vulnerability Integrity Vulnerability in Tahoe-LAFS 1.9.0 Allows Remote File Corruption Identity Spoofing Vulnerability in Red Hat JBoss Operations Network (JON) Apache HTTP Server 2.2.x through 2.2.21 HTTPOnly Cookie Information Disclosure Vulnerability Local File Overwrite Vulnerability in GoLismero Updater Missing Inode Security Checks in OverlayFS Improper Permission Check in Linux Kernel Allows Privilege Escalation via /proc/<pid>/mem Arbitrary File Creation Vulnerability in PHP before 5.3.9 Denial of Service Vulnerability in Linux Kernel's kiocb_batch_free Function Cleartext Password Exposure in Spacewalk-backend RPM Denial of Service and Arbitrary Code Execution Vulnerability RPM HeaderLoad Function Denial of Service and Arbitrary Code Execution Vulnerability Remote Hijacking of Agent Sessions in Red Hat JBoss Operations Network (JON) Insecure Plugin Update Mechanism in Tucan Through 0.3.10: Remote Code Execution Vulnerability X.Org Xkeyboard-config Input Grab Bypass Vulnerability Heap-based Buffer Overflow in usbmuxd's receive_packet Function Denial of Service Vulnerability in Wireshark 1.4.x and 1.6.x Denial of Service Vulnerability in Wireshark 1.4.x and 1.6.x Denial of Service Vulnerability in Wireshark's lanalyzer_read Function SQL Injection Vulnerability in Batavi's ajax.php Allows Remote Code Execution STARTTLS Vulnerability in spamdyke prior to 4.2.1: Exposing Plaintext Unspecified Remote Integrity Vulnerability in Oracle Imaging and Process Management Component in Oracle Fusion Middleware 10.1.3.6.0 Unspecified Remote Availability Vulnerability in Oracle Database Server Unspecified Remote Integrity Vulnerability in Oracle Forms Component Unspecified Integrity Vulnerability in PeopleSoft Enterprise CRM Component Unspecified Remote Integrity Vulnerability in Oracle MySQL Server Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HCM Component Unspecified vulnerability in Oracle WebLogic Server component affecting integrity via WLS-Console Unspecified vulnerability in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to compromise confidentiality via Oracle Application Object Library component. Unspecified Remote Integrity Vulnerability in Oracle OpenSSO 7.1 and 8.0 Unspecified vulnerability in PeopleSoft Enterprise HCM component allows remote authenticated users to compromise confidentiality and integrity Unspecified Local Vulnerability in Oracle GlassFish Enterprise Server 3.1.1 Affecting Confidentiality, Integrity, and Availability Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle WebCenter Content component in Oracle Fusion Middleware Unspecified Integrity Vulnerability in Oracle WebCenter Content Component Unspecified Integrity Vulnerability in Oracle WebCenter Content Component Unspecified Confidentiality Vulnerability in Oracle Imaging and Process Management Component in Oracle Fusion Middleware 10.1.3.6.0 Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HCM Component Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HCM Component Unspecified Remote Integrity Vulnerability in Oracle Imaging and Process Management Component in Oracle Fusion Middleware 10.1.3.6.0 Unspecified Remote Vulnerability in PeopleSoft Enterprise PeopleTools Component Unspecified Remote Integrity Vulnerability in Oracle Imaging and Process Management Component in Oracle Fusion Middleware 10.1.3.6.0 Unspecified Remote Integrity Vulnerability in Oracle Imaging and Process Management Component in Oracle Fusion Middleware 10.1.3.6.0 Unspecified Remote Availability Vulnerability in Oracle Solaris TCP/IP Unspecified Confidentiality Vulnerability in Oracle Imaging and Process Management Component in Oracle Fusion Middleware 10.1.3.6.0 Unspecified Remote Network Vulnerability in Oracle Solaris 8, 9, 10, and 11 Express Unspecified vulnerability in Oracle Solaris 11 Express allows local users to compromise confidentiality via unknown vectors in ksh93 Shell. Unspecified Local Denial of Service Vulnerability in Oracle Solaris 8, 9, 10, and 11 Express Unspecified Remote Availability Vulnerability in Oracle Solaris SSHD Unspecified Kerberos-related vulnerability in Oracle Solaris 9, 10, and 11 Express Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Kernel Vulnerability in Oracle Solaris 11 Express Unspecified Remote Availability Vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 Unspecified vulnerability in Oracle VM VirtualBox component allows local users to affect confidentiality, integrity, and availability Unspecified Remote Code Execution Vulnerability in Oracle Imaging and Process Management Component Unspecified Remote Availability Vulnerability in Oracle Imaging and Process Management Component Unspecified Confidentiality Vulnerability in Oracle Imaging and Process Management Component in Oracle Fusion Middleware 10.1.3.6.0 Unspecified Local Vulnerability in Oracle Solaris TCP/IP Stack Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 Unspecified vulnerability in Oracle VM VirtualBox allows local users to compromise confidentiality and integrity via unknown vectors in Shared Folders. Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.1.x and 5.5.x Unspecified Local Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Code Execution Vulnerability in MySQL Server Unspecified Remote Code Execution Vulnerability in MySQL Server Component Unspecified vulnerability in Oracle MySQL Server 5.1.x and 5.5.x Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Code Execution Vulnerability in HP Data Protector Express (DPX) Unspecified Remote Code Execution Vulnerability in HP Data Protector Express (DPX) Unspecified Remote Code Execution Vulnerability in HP Data Protector Express (DPX) Unspecified Remote Code Execution Vulnerability in HP Data Protector Express Unspecified Local Access Vulnerability in HP-UX WBEM Implementation Unspecified Remote Access Vulnerability in HP-UX WBEM Implementation Unspecified Remote Code Execution Vulnerability in HP Performance Manager 9.00 Arbitrary Website Redirection and Phishing Vulnerability in HP Onboard Administrator (OA) Remote Code Execution Vulnerability in HP Onboard Administrator (OA) before 3.50 Information Disclosure Vulnerability in HP Onboard Administrator (OA) before 3.50 Unspecified Remote Code Execution Vulnerability in DCE 1.8 and 1.9 on HP-UX Arbitrary Web Script Injection Vulnerability in HP Business Availability Center (BAC) 9.01 Vulnerability: Unspecified Virus on HP ProCurve 5400 zl Switches' Compact Flash Card Unspecified Denial of Service Vulnerability in HP OpenVMS Unspecified Denial of Service Vulnerability in HP System Management Homepage (SMH) VSD File Format Memory Corruption Vulnerability in Microsoft Visio Viewer 2010 Gold and SP1 VSD File Format Memory Corruption Vulnerability in Microsoft Visio Viewer 2010 Gold and SP1 VSD File Format Memory Corruption Vulnerability in Microsoft Visio Viewer 2010 Gold and SP1 Excel File Format Memory Corruption Vulnerability Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability Excel Memory Corruption Vulnerability XSS Vulnerability in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 XSS Vulnerability in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 UAG Blind HTTP Redirect Vulnerability Unfiltered Access to UAG Default Website Vulnerability AfdPoll Elevation of Privilege Vulnerability Ancillary Function Driver Elevation of Privilege Vulnerability in Microsoft Windows Server 2003 SP2 Msvcrt.dll Buffer Overflow Vulnerability WinVerifyTrust Signature Validation Vulnerability Terminal Server Denial of Service Vulnerability Keyboard Layout Use After Free Vulnerability VML Remote Code Execution Vulnerability in Microsoft Internet Explorer 9 DirectWrite Unicode Rendering Denial of Service Vulnerability Kernel-Mode Driver Privilege Escalation via PostMessage Function Vulnerability MSCOMCTL.OCX RCE Vulnerability TrueType Font Parsing Vulnerability .NET Framework Serialization Vulnerability .NET Framework Serialization Vulnerability .NET Framework Buffer Allocation Vulnerability .NET Framework Parameter Validation Vulnerability .NET Framework Index Comparison Vulnerability GDI+ Record Type Vulnerability GDI+ Heap Overflow Vulnerability in Microsoft Office Print Feature Remote Code Execution Vulnerability in Microsoft Internet Explorer 6-9 JScript9 Remote Code Execution Vulnerability in Microsoft Internet Explorer 9 OnReadyStateChange Remote Code Execution Vulnerability in Microsoft Internet Explorer 6 and 7 SelectAll Remote Code Execution Vulnerability in Microsoft Internet Explorer 6-9 VML Style Remote Code Execution Vulnerability Remote Desktop Protocol (RDP) Memory Processing Vulnerability Windows Firewall Bypass Vulnerability in Windows Vista, Windows Server 2008, and Windows 7 Command Injection Vulnerability in Microsoft Windows XP, Server 2003, Vista, Server 2008, R2, and Windows 7 Silverlight Double-Free Vulnerability Office WPS Converter Heap Overflow Vulnerability Windows Partition Manager Race Condition Vulnerability TCP/IP Double Free Vulnerability in Microsoft Windows Server 2008 R2 and Windows 7 Kernel-mode vulnerability in win32k.sys in Microsoft Windows allows local users to gain privileges via a crafted application, aka Windows and Messages Vulnerability. Keyboard Layout File Vulnerability Word PAPX Section Corruption Vulnerability RTF Mismatch Vulnerability in Microsoft Office Excel SXLI Record Memory Corruption Vulnerability Excel MergeCells Record Heap Overflow Vulnerability Eclipse Help Component Directory Traversal Vulnerability in IBM Lotus Expeditor Untrusted Search Path Vulnerability in IBM Lotus Expeditor Arbitrary Code Execution Vulnerability in IBM SPSS Dimensions and SPSS Data Collection Arbitrary Code Execution Vulnerabilities in IBM SPSS SamplePower 3.0 Arbitrary Code Execution Vulnerability in IBM SPSS Dimensions and SPSS Data Collection Access Control Bypass Vulnerability in IBM Lotus Expeditor Heap-based Buffer Overflow in IBM Lotus Symphony Denial of Service Vulnerability in IBM WebSphere Application Server (WAS) Denial of Service Vulnerability in IBM AIX TCP Implementation with Large Send Offload Arbitrary web script injection vulnerability in IBM Maximo Asset Management and related products Stack-based Buffer Overflow in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 Multiple SQL Injection Vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 Denial of Service Vulnerability in IBM solidDB 6.5 Stack-based Buffer Overflow in IBM Personal Communications 5.9.x and 6.0.x Stack-based buffer overflows in IBM Cognos TM1 Admin Server (tm1admsd.exe) allow remote code execution Arbitrary Web Script Injection Vulnerability in InfoSphere Metadata Workbench Untrusted Search Path Vulnerability in InfoSphere Import Export Manager Unrestricted Troubleshooting Access in InfoSphere Metadata Workbench Denial of Service Vulnerability in PowerDNS Authoritative Server Denial of Service Vulnerability in Linux Kernel's igmp_heard_query Function Unspecified vulnerability in Oracle Grid Engine component allows remote authenticated users to affect confidentiality, integrity, and availability Arbitrary PHP Code Execution Vulnerability in Horde Groupware Arbitrary Code Execution and Information Disclosure in devscripts debdiff.pl Arbitrary Code Execution via Crafted Tarball Filename in devscripts Arbitrary Code Execution in debdiff.pl in devscripts 2.10.x and 2.11.x Denial of Service Vulnerability in Apache POI 3.8 and Earlier Insecure Update Process in APT Allows Arbitrary Package Installation Arbitrary Privilege Modification in Tryton Application Framework Apache2 Package in Debian GNU/Linux Default Configuration Vulnerability Vulnerability: Incorrect Use of sysret Path in x86-64 Kernel System-Call Functionality Denial of Service Vulnerability in Xen Hypervisor Heap-based Buffer Overflow in socat xioscan_readline Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in ikiwiki Plugin/meta.pm Denial of Service Vulnerability in FactoryTalk RNADiagReceiver Service FactoryTalk RNADiagReceiver Service Denial of Service Vulnerability Untrusted Search Path Privilege Escalation Vulnerability in 7-Technologies TERMIS 2.10 and Earlier Untrusted Search Path Privilege Escalation Vulnerability in 7-Technologies (7T) AQUIS 1.5 and Earlier Arbitrary Web Script Injection Vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 Remote Code Execution via SQL Injection in Invensys Wonderware Information Server 4.0 SP1 and 4.5 Buffer Overflow in VSFlexGrid ActiveX Control in ComponentOne FlexGrid 7.1 Remote Access Bypass Vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 Remote Code Execution Vulnerability in GE Intelligent Platforms Proficy Historian Remote Code Execution Vulnerability in PRRDS.exe of GE Intelligent Platforms Proficy Plant Applications Remote Code Execution Vulnerability in GE Intelligent Platforms Proficy Plant Applications Directory Traversal Vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal Advantech/BroadWin WebAccess XSS Vulnerability Remote Code Execution via SQL Injection in Advantech/BroadWin WebAccess CSRF Vulnerability in Advantech/BroadWin WebAccess before 7.0 Sensitive Information Disclosure in Advantech/BroadWin WebAccess 7.0 and Earlier Vulnerability: Remote Date and Time Syncing Control in Advantech/BroadWin WebAccess Arbitrary Code Execution Vulnerability in Advantech/BroadWin WebAccess Authentication Bypass Vulnerability in Advantech/BroadWin WebAccess before 7.0 Authentication Bypass Vulnerability in Advantech/BroadWin WebAccess before 7.0 Denial of Service Vulnerability in Advantech/BroadWin WebAccess Remote Code Execution via Format String Vulnerability in Advantech/BroadWin WebAccess Arbitrary Code Execution via Buffer Overflow in Advantech/BroadWin WebAccess ActiveX Control SQL Injection Vulnerabilities in Advantech/BroadWin WebAccess Stack-based Buffer Overflow Vulnerabilities in ABB Robot Communications Runtime Directory Traversal Vulnerability in Ecava IntegraXor ActiveX Control Memory Corruption and Arbitrary Code Execution Vulnerability in ImageMagick 6.7.5-7 and Earlier Denial of Service Vulnerability in ImageMagick 6.7.5-7 and Earlier Buffer Overflow in ospf_ls_upd_list_lsa Function in Quagga OSPFv2 Implementation Buffer Overflow in OSPFv2 Implementation in Quagga: Denial of Service via LS Update Packet Multiple Cross-Site Scripting (XSS) Vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 Stack-based Buffer Overflow in HMIWeb Browser HSCDSPRenderDLL ActiveX Control in Honeywell Process Solutions (HPS), Honeywell Building Solutions (HBS), and Honeywell Environmental Combustion and Controls (ECC) Products Denial of Service Vulnerability in Quagga BGP Implementation Denial of Service Vulnerability in Apache Traffic Server Remote Code Execution via Heap-based Buffer Overflow in WWCabFile ActiveX Component Heap-based Buffer Overflow in WWCabFile ActiveX Component in Wonderware System Platform and Related Software Out-of-Bounds Read Vulnerability in ImageMagick's GetEXIFProperty Function Denial of Service Vulnerability in ImageMagick's JPEGWarningHandler Function Arbitrary Command Execution in license.php of op5 Monitor and op5 Appliance Arbitrary Command Execution in op5 Monitor and op5 Appliance Sensitive Information Disclosure in op5 Monitor and op5 Appliance before 5.5.1 Session Cookie Management Vulnerability in op5 Monitor and op5 Appliance before 5.5.0 Stack-based Buffer Overflow in Apple QuickTime on Windows Multiple stack-based buffer overflows in NTR ActiveX Control allow remote code execution Arbitrary Code Execution Vulnerability in NTR ActiveX Control Arbitrary Code Execution via Crafted JPG Image in Yahoo! Messenger Remote Code Execution Vulnerability in JustSystems Ichitaro and Related Software Stack-based buffer overflows in Csound before 5.16.6: Remote Code Execution Vulnerability Integer Overflow in GroupWise Internet Agent (GWIA) Allows Remote Code Execution Novell GroupWise 8.0 WebAccess Component XSS Vulnerability Multiple Stack-Based Buffer Overflows in MinaliC 2.0.0 Heap-based Buffer Overflow in Adobe Photoshop CS5 and CS6 Heap-based Buffer Overflow Vulnerabilities in XnView: Remote Code Execution and Denial of Service XnView Heap-Based Buffer Overflow Vulnerability Heap-based Buffer Overflow in FlashPix PlugIn for IrfanView Allows Remote Code Execution Weak Permissions in Quest Toad for Data Analysts 3.0.1 Allow Privilege Escalation via Trojan Horse File XnView Heap-Based Buffer Overflow in GIF Image Processing Arbitrary Script Injection in DokuWiki's tpl_mediaFileList Function Stack-based Buffer Overflow in Cisco Linksys PlayerPT ActiveX Control 1.0.0.15 Unspecified Cross-Site Scripting (XSS) Vulnerabilities in Stoneware webNetwork CSRF Vulnerability in Stoneware webNetwork Allows Account Hijacking Arbitrary Script Injection in WordPress Comment Posting Buffer Overflow Vulnerability in Symantec Endpoint Protection and Symantec Network Access Control Vulnerability: Improper Handling of Client State in Symantec pcAnywhere and Altiris Solutions Denial of Service Vulnerability in Symantec pcAnywhere and Altiris Solutions Denial of Service Vulnerability in Symantec pcAnywhere and Altiris Solutions SQL Injection Vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 Directory Traversal Vulnerability in Symantec Endpoint Protection Manager Service Remote Code Execution Vulnerability in Symantec Endpoint Protection Manager Service Arbitrary Code Injection through Cross-Site Scripting (XSS) in Symantec Web Gateway 5.0.x Arbitrary Code Execution Vulnerability in Symantec Web Gateway 5.0.x Arbitrary File Read and Delete Vulnerability in Symantec Web Gateway 5.0.x Arbitrary Code Execution Vulnerability in Symantec Web Gateway 5.0.x Unrestricted Session Establishment in Brightmail Control Center in Symantec Message Filter 6.3 Session Fixation Vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 Brightmail Control Center XSS Vulnerability CSRF Vulnerabilities in Symantec Message Filter 6.3: Remote Authentication Hijacking Weak Permissions in Symantec LiveUpdate Administrator Installation Directory Allows Privilege Escalation Untrusted Search Path Vulnerability in Symantec System Recovery and Backup Exec System Recovery Arbitrary Code Execution and Memory Corruption Vulnerability in Symantec Ghost Solution Suite 2.x through 2.5.1 Cross-Site Scripting (XSS) Vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 CSRF Vulnerability in Symantec Messaging Gateway (SMG) Allows Authentication Hijacking Arbitrary Web Script Injection Vulnerability in Cogent DataHub, Cascade DataHub, and OPC DataHub CRLF Injection Vulnerability in Cogent DataHub, Cascade DataHub, and OPC DataHub Unspecified Cross-Site Scripting (XSS) Vulnerability in osCommerce 2.2MS1J before R9 Arbitrary Web Script Injection Vulnerability in osCommerce XSS Vulnerability in Glucose 2 Allows Remote Script Injection via RSS Feed Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in eAccess Pocket WiFi Router ALFTP Untrusted Search Path Privilege Escalation Vulnerability WebView Class Information Disclosure Vulnerability Cross-Site Request Forgery (CSRF) Vulnerabilities in Movable Type Versions 4.38, 5.0x, and 5.1x Cross-Site Scripting (XSS) Vulnerabilities in Movable Type before 5.13 Arbitrary Command Execution via File-Upload Feature in Movable Type Session Hijacking Vulnerability in Movable Type Denial of Service Vulnerability in Kingsoft Internet Security 2011 Device Driver Arbitrary File Read Vulnerability in EStrongs ES File Explorer Application for Android Autocomplete Plugin XSS Vulnerability in SquirrelMail 3.0 Unspecified Cross-Site Scripting (XSS) Vulnerability in Jenkins Unspecified Cross-Site Scripting (XSS) Vulnerability in Jenkins Insecure Network Privileges in twicca Android App Allow Unauthorized Access to SD Card Media Files Unspecified Cross-Site Scripting (XSS) Vulnerability in Redmine before 1.3.2 Session Information Disclosure in Janetter before 3.3.0.0 Arbitrary Code Execution Vulnerability in Cisco Digital Media Manager Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (Bug ID CSCtr20426) Denial of Service Vulnerability in Cisco TelePresence Video Communication Server (CVE-2020-12345) Unauthenticated Remote Calling Vulnerability in Cisco Small Business IP Phones SSL Certificate Caching Vulnerability in Cisco IronPort Web Security Appliance AsyncOS Software Proxy Authentication Bypass Vulnerability in Cisco ASA 5500 Series Devices Cisco Unified MeetingPlace 7.1 SQL Injection Vulnerability (Bug ID CSCtx08939) Vulnerability: Cisco IOS SSH Access-Class Bypass (Bug ID CSCsv86113) Vulnerability: Cisco IOS TELNET Connection Spoofing (Bug ID CSCsi77774) Cisco IronPort Encryption Appliance XSS Vulnerability in Management Interface Denial of Service Vulnerability in Cisco NX-OS Switches Denial of Service Vulnerability in Cisco ASA and ASASM Devices (CSCtq10441) Denial of Service Vulnerability in Cisco ASA Threat Detection Feature Denial of Service Vulnerability in Cisco ASA and ASASM Devices (CSCts39634) Denial of Service vulnerability in Cisco ASA and FWSM devices with multicast routing enabled Buffer Overflow Vulnerability in Cisco Port Forwarder ActiveX Control Denial of Service Vulnerability in Cisco Cius Software (Bug ID CSCto71445) Memory Leak in Cisco IOS: Denial of Service via Crafted Packets (Bug ID CSCtn22376) Denial of Service Vulnerability in Cisco IP Communicator (CIPC) 7.0 through 8.6 Bypassing Access Restrictions in Cisco IOS 12.2(58)SE2 and 15.0(1)SE Command Injection Vulnerability in Cisco SRP 520 and SRP 540 Series Devices Configuration File Replacement Vulnerability in Cisco SRP 520 and 540 Series Devices Directory Traversal Vulnerability in Cisco SRP 520 and 540 Series Devices Cisco Unity Connection Help Desk Administrator Password Change Vulnerability Denial of Service Vulnerability in Cisco Unity Connection Denial of Service Vulnerability in Cisco Wireless LAN Controller Administrative Management Interface Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Devices Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Devices Cisco Wireless LAN Controller (WLC) Configuration Modification Vulnerability Denial of Service Vulnerability in Cisco Unified Communications Manager (CUCM) 8.5 Denial of Service Vulnerability in Cisco ASA 5500 Series Devices (Bug ID CSCtv19854) IKEv1 Denial of Service Vulnerability in Cisco IOS and IOS XE Denial of Service Vulnerability in Cisco IOS and IOS XE Cisco IOS NAT Feature Memory Leak Vulnerability Cisco IOS and IOS XE AAA Authorization Bypass Vulnerability (Bug ID CSCtr91106) Denial of Service Vulnerability in Cisco IOS Smart Install Feature (Bug ID CSCtt16051) Denial of Service Vulnerability in Cisco IOS and IOS XE SSHv2 Implementation (CSCtr49064) Memory Leak Vulnerability in Cisco IOS Zone-Based Firewall HTTP Inspection Engine (Bug ID CSCtq36153) H.323 Inspection Memory Leak Vulnerability in Cisco IOS Arbitrary Web Script Injection in ForgottenPassword.aspx in MailEnable Timing Side-Channel Attack Vulnerability in GnuTLS DTLS Implementation Arbitrary Code Execution Vulnerability in Apache Struts Arbitrary Command Execution via CookieInterceptor Component in Apache Struts Arbitrary File Creation Vulnerability in Apache Struts ParameterInterceptor Component Remote Code Execution in Apache Struts DebuggingInterceptor Component Buffer Overflow Vulnerability in EMC NetWorker Server Improper Permission Enforcement in EMC Documentum xPlore Allows Unauthorized Object Discovery and Metadata Reading Buffer Overflow Vulnerability in EMC RSA SecurID Software Token Converter Session Cookie Validation Vulnerability in EMC Documentum eRoom Arbitrary Web Script Injection in EMC RSA enVision 4.x before 4.1 Patch 4 Inadequate Restriction of Failed Authentication Attempts in EMC RSA enVision 4.x before 4.1 Patch 4 SQL Injection Vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 Unspecified Hardcoded Credentials Vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 Directory Traversal Vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 Arbitrary Script Injection in EMC Documentum eRoom before 7.4.4 Denial of Service Vulnerability in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 Integer Overflow Vulnerability in EMC Data Protection Advisor (DPA) Library Buffer Overflow Vulnerabilities in EMC AutoStart 5.3.x and 5.4.x Directory Traversal Vulnerability in Novell GroupWise WebAccess Arbitrary Code Execution Vulnerability in Novell iPrint Client Arbitrary Web Script Injection Vulnerability in SUSE Manager 1.2 Arbitrary Code Execution Vulnerability in GroupWise Internet Agent (GWIA) Remote Code Execution Vulnerability in Novell GroupWise Client Novell GroupWise Agent HTTP Interface Directory Traversal Vulnerability Arbitrary File Creation Vulnerability in zypp-refresh-wrapper World-readable permissions for /etc/auditlog-keeper.conf in SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 Cleartext Wi-Fi Credentials Disclosure in SUSE YaST Race condition vulnerability in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 Privilege Escalation Vulnerability in yast2-add-on-creator in SUSE inst-source-utils Arbitrary Web Script Injection Vulnerability in NetIQ eDirectory Denial of Service Vulnerability in NetIQ eDirectory 8.8.6.x and 8.8.7.x on Windows Unspecified Remote Authorization Bypass Vulnerability in NetIQ eDirectory Stack-based Buffer Overflow in NetIQ eDirectory NCP Implementation Insecure Permissions in install-chef-suse.sh Script Allows Unauthorized Data Access Weak Permissions in Crowbar Server's production.log File Remote Code Execution Vulnerability in SUSE WebYaST Remote Code Execution Vulnerability in Novell GroupWise 8.0 and 2012 Bugzilla JSON-RPC API Cross-Site Request Forgery (CSRF) Vulnerability Denial of Service Vulnerability in Mozilla Network Security Services (NSS) Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Memory Corruption and Arbitrary Code Execution Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey HTML5 Frame-Navigation Policy Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Information Disclosure Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Email address spoofing vulnerability in Bugzilla Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Weak Permissions for Firefox Recovery Key.html in Mozilla Firefox and SeaMonkey on Linux and Mac OS X CRLF Injection Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey allows remote attackers to cause denial of service or execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call. Bugzilla XML-RPC API Cross-Site Request Forgery (CSRF) Vulnerability Use-after-free vulnerability in Mozilla Firefox and Thunderbird on Windows 7 platforms Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Out-of-bounds read vulnerability in SVG Filters implementation in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox and Thunderbird before 10.0.3 Arbitrary JavaScript Code Execution via Dragging URL to Home Button in Mozilla Firefox, Thunderbird, and SeaMonkey CSS Keyframe Denial of Service and Arbitrary Code Execution Vulnerability UI Spoofing Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Memory corruption and application crash vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in Mozilla Firefox and Thunderbird allows remote code execution Bypassing Lockout Policy via X-Forwarded-For Header in Bugzilla Cross-Site Scripting (XSS) Vulnerability in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Remote Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Mozilla Firefox IndexedDB Use-After-Free Vulnerability Heap-based buffer overflow in nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox and Thunderbird allows remote attackers to execute arbitrary code. Arbitrary Web Script Injection Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Memory Corruption Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey WebGLBuffer::FindMaxUshortElement Function Vulnerability Universal XSS (UXSS) vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Request Forgery (CSRF) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey JSVAL_TO_OBJECT Cast Vulnerability in WebGL Subsystem Address bar spoofing vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Confidentiality Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.5.x Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.5.x Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.5.x Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.5.x Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.5.x Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Code Execution Vulnerability in MySQL Server Component Unspecified Local Availability Vulnerability in Oracle MySQL Server 5.5.x Unspecified Remote Code Execution Vulnerability in MySQL Server Component Unspecified Remote Code Execution Vulnerability in MySQL Server Unspecified 2D-related vulnerability in Oracle Java SE 7 and 6 allows remote attackers to compromise confidentiality, integrity, and availability Unspecified 2D-related vulnerability in Oracle Java SE Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise system security Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise confidentiality and availability Unspecified vulnerability in Java Runtime Environment (JRE) allows remote code execution Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise confidentiality, integrity, and availability Unspecified CORBA-related vulnerability in Oracle Java SE Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency Unspecified vulnerability in Oracle Java SE JavaFX component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Integrity Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Remote Vulnerability in Oracle Database Server Unspecified Remote Code Execution Vulnerability in Oracle Database Server OCI Component Unspecified vulnerability in Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite 12.0.6 and 12.1.3 Unspecified vulnerability in PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 9.1 affecting confidentiality Unspecified Remote Integrity Vulnerability in Oracle Fusion Middleware Identity Manager Connector Component Unspecified vulnerability in Oracle iPlanet Web Server component allows remote attackers to affect confidentiality, integrity, and availability via Administration Console. Unspecified vulnerability in PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 Unspecified Remote Integrity Vulnerability in Oracle Application Server Single Sign-On Component Unspecified Remote Vulnerability in Oracle Database Server 11.2.0.2 on Windows Unspecified Integrity Vulnerability in Oracle Database Server and Enterprise Manager Grid Control Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products 9.1 Bundle #9 Unspecified Remote Code Execution Vulnerability in Oracle JDeveloper Component Unspecified Local Vulnerability in Oracle Grid Engine Component Unspecified File Processing Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Enterprise Manager Base Platform component Unspecified Remote Integrity Vulnerability in Oracle Database Server and Enterprise Manager Grid Control Unspecified Remote Integrity Vulnerability in Oracle Database Server and Enterprise Manager Grid Control Unspecified vulnerability in Oracle Database Server and Enterprise Manager Grid Control Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.51 Unspecified Integrity Vulnerability in Oracle PeopleSoft Enterprise SCM Component Unspecified Integrity Vulnerability in Oracle PeopleSoft Enterprise Portal Component Unspecified vulnerability in Oracle Fusion Middleware Identity Manager component allows remote authenticated users to compromise confidentiality and integrity Confidentiality vulnerability in PeopleSoft Enterprise FCSM component in Oracle PeopleSoft Products 9.0 and 9.1 Unspecified Integrity Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HRMS Component Unspecified HTML Page Vulnerability in Oracle E-Business Suite 12.1.3 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Search. Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect system security via unknown vectors related to bsmconv and bsmunconv. Remote authenticated users can affect availability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier through an unspecified vulnerability in the GIS Extension. Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Integrity Vulnerability in Oracle iStore Component Unspecified Remote Integrity Vulnerability in Oracle BI Publisher Unspecified Integrity Vulnerability in Oracle FLEXCUBE Universal Banking Component Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software Unspecified vulnerability in Java Runtime Environment (JRE) component with remote attack vectors involving AWT Unspecified Local Privilege Escalation Vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 and Earlier Unspecified vulnerability in Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 Unspecified vulnerability in GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container. Unspecified vulnerability in Java Runtime Environment (JRE) and GlassFish Enterprise Server allows remote attackers to affect confidentiality and integrity Unspecified vulnerability in Oracle Spatial component in Oracle Database Server Unspecified Buffer Overflow Vulnerability in yaSSL Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 Unspecified Remote Integrity Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Enterprise SCM Component Unspecified Remote Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HRMS Component Kerberos/klist Vulnerability in Oracle Solaris 9, 10, and 11 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Query. Unspecified vulnerability in Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 Unspecified Integrity Vulnerability in Oracle Agile Component in Oracle Supply Chain Products Suite Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software Unspecified Local Confidentiality Vulnerability in Oracle Sun Solaris 8, 9, and 10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to compromise confidentiality and integrity via unknown vectors related to Install/smpatch. Unspecified Local Denial of Service Vulnerability in Oracle Sun Solaris Unspecified Integrity Vulnerability in Oracle FLEXCUBE Universal Banking Component Unspecified Remote Availability Vulnerability in Oracle MySQL Server Component Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software Unspecified Integrity Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software Unspecified Remote Availability Vulnerability in Oracle MySQL Server Component Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Universal Banking Component Unspecified Integrity Vulnerability in Oracle Agile PLM for Process Component Unspecified Remote Code Execution Vulnerability in Oracle Agile Component Unspecified Remote Integrity Vulnerability in Siebel Clinical Component Unspecified Remote Code Execution Vulnerability in MySQL Server Component IDN Spoofing Vulnerability in Apple Safari on Windows Safari Private Browsing History Insertion Vulnerability Unspecified Cross-Site Scripting (XSS) Vulnerability in WebKit for Apple iOS before 5.1 Unspecified Cross-Site Scripting (XSS) Vulnerability in WebKit for Apple iOS before 5.1 Unspecified Cross-Site Scripting (XSS) Vulnerability in WebKit for Apple iOS before 5.1 Unspecified Cross-Site Scripting (XSS) Vulnerability in WebKit for Apple iOS before 5.1 Drag-and-Drop Cross-Site Scripting (XSS) Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Improper Cookie Blocking in Apple Safari WebKit Improper Construction of Request Headers in CFNetwork in Apple iOS before 5.1 Integer Underflow Vulnerability in Apple iOS HFS Disk Image Catalog File Processing Remote Code Execution Vulnerability in Apple iOS Kernel Passcode Lock Bypass Vulnerability in Apple iOS Siri Vulnerability: Bypassing Lock Screen via Mail.app Voice Commands Title: Remote Code Execution Vulnerability in Apple iOS VPN HTTP Authentication Credential Capture Vulnerability in Apple Safari Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Privilege Escalation via Race Condition in Bluetooth Initialization Routine Buffer Overflow in DirectoryService Proxy in Apple Mac OS X through 10.6.8: Remote Code Execution and Denial of Service Vulnerability Information Disclosure Vulnerability in Apple Mac OS X 10.6.8 Directory Server Information Disclosure Vulnerability in Apple Mac OS X 10.7.3 Login Window Uninitialized Memory Access Vulnerability in libsecurity in Apple Mac OS X RSA Key Length Vulnerability in Apple Mac OS X Guest Account Login Bypass Vulnerability in Apple Mac OS X 10.7.x Screen Lock Bypass Vulnerability in Quartz Composer Buffer Overflow Vulnerability in QuickTime for Mac OS X QuickTime Integer Overflow Vulnerability Buffer Underflow Vulnerability in QuickTime for Mac OS X QuickTime Use-After-Free Vulnerability in Mac OS X 10.7.x Integer Overflow Vulnerability in Apple Mac OS X Security Framework Stack-based buffer overflows in Apple QuickTime: Remote Code Execution and Denial of Service Vulnerability Heap-based Buffer Overflow in Apple QuickTime on Windows Heap-based Buffer Overflow in Apple QuickTime 7.7.2 and Earlier Versions Stack-based Buffer Overflow in Apple QuickTime Plugin Allows Remote Code Execution Integer Signedness Error in Apple QuickTime: Remote Code Execution and Denial of Service Vulnerability Buffer Overflow Vulnerability in Apple QuickTime 7.7.2 and Earlier Buffer Overflow Vulnerability in Apple QuickTime 7.7.2 on Windows Integer Overflow in Apple QuickTime: Remote Code Execution and Denial of Service Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime Arbitrary Code Execution and Denial of Service Vulnerability in Apple iOS WebKit URL Spoofing Vulnerability in Safari for Apple iOS Time Machine Authentication Bypass Vulnerability Form Input State Tracking Vulnerability in Apple Safari iTunes Heap-based Buffer Overflow Vulnerability Arbitrary Script Injection Vulnerability in Apple Safari Arbitrary File Reading Vulnerability in Apple Safari Authentication Bypass Vulnerability in Apple Safari Cleartext VNC Session Content Exposure in Apple Remote Desktop Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution via Integer Overflow in XnViewer Arbitrary Code Execution via Integer Overflow in XnViewer Information Disclosure Vulnerability in TIBCO ActiveMatrix Runtime Platform, TIBCO ActiveMatrix Platform, TIBCO BusinessEvents Runtime, and TIBCO BusinessWorks Engine Arbitrary Web Script Injection Vulnerability in TIBCO ActiveMatrix Platform Unspecified Credential Discovery Vulnerability in TIBCO ActiveMatrix Platform Information Disclosure Vulnerability in TIBCO Spotfire Analytics Server and Applications Privilege Escalation in CA License (aka CA Licensing) before 1.90.03 Local Privilege Escalation in CA License (aka CA Licensing) before 1.90.03 Arbitrary Code Injection in submitticket.php in WHMCompleteSolution (WHMCS) 5.03 Arbitrary PHP Code Execution in SugarCRM CE <= 6.3.1 Unspecified Vulnerabilities in Google Chrome on Acer AC700, Samsung Series 5, and Cr-48 Chromebook Platforms Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM Cognos TM1 Executive Viewer Default Account Vulnerability in HP StorageWorks P2000 G3 MSA Array Systems Denial of Service Vulnerability in TrouSerS TCS Daemon (tcsd) Cross-Site Request Forgery (CSRF) Vulnerabilities in Family Connections CMS 2.9 and Earlier Credential Storage Vulnerability in InfoSphere FastTrack Client-side access control vulnerability in DataStage Administrator client in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 Privilege Escalation in IBM InfoSphere Information Server Open Redirect Vulnerability in IBM InfoSphere Information Server 8.1, 8.5, and 8.7 Arbitrary Command Execution Vulnerability in InfoSphere Import Export Manager Cleartext Storage of LDAP Credentials in IBM SONAS 1.3 Arbitrary Script Injection in IBM WebSphere Lombardi Edition 7.2 Heap-based Buffer Overflow in IBM Rational ClearQuest ActiveX Control Privilege Escalation via Crafted SQL CREATE VARIABLE Statements in IBM DB2 Denial of Service Vulnerability in IBM DB2 Heap-based Buffer Overflow in db2dasrrm process in IBM DB2 Administration Server (DAS) Denial of Service Vulnerability in IBM DB2 XMLPARSE Function Unspecified XML File Reading Vulnerability in IBM DB2 9.7 CSRF Vulnerability in IBM Maximo Asset Management and Related Products Arbitrary Web Script Injection Vulnerability in IBM Tivoli CCMDB Gantt Applet Viewer Arbitrary Script Injection in IBM WebSphere Application Server Administration Console SSLv2 Configuration Bypass in IBM WebSphere Application Server 7.0 Missing HttpOnly Flag in IBM Tivoli Endpoint Manager 8 Cookies Arbitrary Web Script Injection Vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 Arbitrary Script Injection Vulnerability in IBM WebSphere Application Server 7.0 Denial of Service Vulnerability in IBM AIX and VIOS Kernel Unspecified Memory Corruption Vulnerability in Adobe Flash Player Unspecified Memory Corruption Vulnerability in Adobe Flash Player Default Configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and Earlier Allows Unencrypted Communication SQL Injection Vulnerability in IBM Maximo Asset Management 7.5 Arbitrary SQL Command Execution Vulnerability in IBM Maximo Asset Management Unrestricted File Upload Vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x CSRF Vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x Service-Account Impersonation Vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x Unverified X.509 Certificate Vulnerability in IBM Rational AppScan Enterprise Session Hijacking Vulnerability in IBM Rational AppScan Enterprise Improper Job Import Vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x Improper Scanning of File: URLs in IBM Rational AppScan Enterprise 5.x and 8.x Arbitrary Code Execution Vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x Arbitrary Web Script Injection Vulnerability in IBM Rational AppScan Enterprise X.509 Certificate Validation Bypass Vulnerability in IBM Security AppScan Enterprise and Rational Policy Tester Arbitrary Web Script Injection Vulnerability in IBM Tivoli Directory Server Web Admin Tool X.509 Certificate Validation Bypass in IBM Security AppScan Enterprise and Rational Policy Tester Sensitive Information Exposure in IBM Tivoli Event Pump 4.2.2 Denial of Service Vulnerability in IBM Tivoli Directory Server (TDS) 6.3 and Earlier Information Disclosure Vulnerability in IBM Rational ClearQuest Privilege Escalation via getpwnam Function in IBM AIX and VIOS Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management 7.5 Arbitrary SQL Command Execution Vulnerability in IBM Maximo Asset Management CSRF Vulnerabilities in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Type Confusion Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player Unspecified Access Restriction Bypass Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Heap-based Buffer Overflow in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Cross-Site Scripting (XSS) Vulnerabilities in Adobe RoboHelp 8 and 9 for Word Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Universal Cross-Site Scripting (UXSS) Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Integer Handling Vulnerability in Adobe Flash Player Adobe ColdFusion Denial of Service Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Unspecified ActiveX Control URL Security Domain Checking Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and AIR Arbitrary Code Execution via Crafted TrueType Font in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Buffer Overflow Vulnerability in Adobe Flash Professional Object Confusion Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Illustrator Remote Denial of Service Vulnerability in PHP 5.3.8 Tidy_diagnose Function Cross-Site Scripting (XSS) Vulnerabilities in WordPress Installation Component Hash DoS Attack Vulnerability in Jenkins Arbitrary File Overwrite and Information Disclosure Vulnerability in Augeas Transform_Save Function Vulnerability: Arbitrary File Overwrite and Information Disclosure in Augeas PDO Session Handling Denial of Service Vulnerability Memory Leak in PHP Timezone Functionality Allows Remote Denial of Service Arbitrary Web Script Injection in Smokeping's smokeping_cgi Multiple Cross-Site Scripting (XSS) Vulnerabilities in Horde IMP and Horde Groupware Webmail Edition Information Disclosure Vulnerability in Moodle 1.9.x Arbitrary User Account Profile Image Disclosure in Moodle Hardcoded Password Vulnerability in Moodle Email Address Validation Bypass in Moodle Arbitrary Email Header Injection in PHPMailer Library Token Bypass Vulnerability in Moodle Web Services Role Escalation Vulnerability in Moodle 2.1.x and 2.2.x Session Key Disclosure in Moodle 2.0.x and 2.1.x Form-Autocompletion Vulnerability in Moodle 2.x: Password Exposure through Non-Password Fields Multiple Instance Handling Vulnerability in lib/formslib.php in Moodle 2.1.x and 2.2.x Buffer Overflow Vulnerabilities in Spamdyke before 4.3.0: Remote Code Execution Authentication Bypass Vulnerability in Apache CXF 2.4.5 and 2.5.1 CVS Proxy Connect Function Heap-Based Buffer Overflow Vulnerability SQL Injection Vulnerabilities in SQLAlchemy Buffer Overflow Vulnerability in Bip 0.8.8 and Earlier: Remote Code Execution via TCP Connections Stack-based Buffer Overflow in Suhosin Extension's Cookie Encryption Feature Predictable Temporary File Names and Symlink Attack Vulnerability in as31 2.3.1-4 Format String Vulnerability in Sudo's sudo_debug Function Per-CPU Debug Stack Vulnerability in Linux Kernel SQL Injection Vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in PostfixAdmin 2.3.4 Sensitive Information Disclosure in Wicd Log Files Information Disclosure in OpenSSH's auth_parse_options Function Denial of Service and Arbitrary Code Execution Vulnerability in RPM Denial of Service Vulnerability in Samba 3.6.x XML External Entity (XXE) Injection Vulnerability in RESTEasy before 2.3.1 Unspecified Information Disclosure Vulnerability in Joomla! 1.6.x and 1.7.x Unspecified Cross-Site Scripting (XSS) Vulnerability in Joomla! 1.6.x and 1.7.x Unspecified Information Disclosure Vulnerability in Joomla! 1.6.x and 1.7.x Unspecified Cross-Site Scripting (XSS) Vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 Denial of Service Vulnerability in VP8 Codec SDK (libvpx) before 1.0.0 Duclair Format String Vulnerability in Gnusound 0.7.5 Unverified Attribute Exchange (AX) Information Modification Vulnerability CSRF Vulnerability in Drupal Aggregator Module Arbitrary File Read Vulnerability in Drupal 7.x Heap-based Buffer Overflow in Xchat-WDK Allows Remote Code Execution Cross-Site Request Forgery (CSRF) Vulnerabilities in Mibew Messenger 1.6.4 and Earlier Arbitrary Code Execution via Large Number of Variables in PHP 5.3.9 SQL Injection Vulnerability in PHP before 5.3.10 Denial of Service Vulnerability in 389 Directory Server 1.2.10 Arbitrary Web Script Injection in phpLDAPadmin 1.2.2 and Earlier Unspecified Sensitive Information Disclosure Vulnerability in Joomla! 1.7.x and 2.5.x Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows unauthorized access to error log Unspecified Vector Vulnerability in Joomla! 1.7.x and 2.5.x Remote Code Execution Vulnerability in Apache Struts 2 Hash Collision Denial of Service Vulnerability in OCaml 3.12.1 and Earlier Denial of Service Vulnerability in APR Hash Table Denial of Service Vulnerability in libxml2 XML Parser Local User Cookie Jar Read Access Vulnerability uzbl: Privacy Breach through World-Readable Cookies Storage File World-readable cookie jar in Netsurf through 2.8 allows information disclosure Denial of Service Vulnerability in SimpleXMLRPCServer in Python Arbitrary Script Injection in Craig Knudsen WebCalendar 1.2.4 Heap-based Buffer Overflow in avfilter_filter_samples Function in FFmpeg Heap-based Buffer Overflow in ws_snd_decode_frame function in FFmpeg 0.9.1 Integer Overflow in FFmpeg's ff_j2k_dwt_init Function Buffer underflow vulnerability in sbr_qmf_synthesis function in FFmpeg before 0.9.1 Denial of Service and Arbitrary Code Execution in FFmpeg and Libav H.264 Decoder Denial of Service and Arbitrary Code Execution in ADPCM Decoder Atrac3 Codec Remote Code Execution Vulnerability Heap-based buffer overflow in dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 Heap-based buffer overflow in get_sot function in J2K decoder in libavcodec in FFmpeg before 0.9.1 Heap-based Buffer Overflow in MPV_frame_start Function in FFmpeg Multiple Buffer Overflows in J2K Decoder in FFmpeg Shorten Codec Denial of Service and Arbitrary Code Execution Vulnerability Denial of Service and Arbitrary Code Execution Vulnerability in FFmpeg's Vorbis Codec Untrusted Search Path Vulnerabilities in Red Hat Enterprise Virtualization Manager Insecure SSL Certificate Validation in vds_installer Allows Remote Code Execution Vulnerability: Access Restriction Bypass in Xinetd World-readable permissions for Mumble configuration files in home directories Integer Overflow in vfprintf Function in glibc Allows Format String Attacks and Arbitrary Memory Write Open Redirect Vulnerabilities in CubeCart 3.0.20 and Earlier: Remote Phishing Attacks Insecure Execution of Trigger Functions in PostgreSQL SSL Certificate Truncation Vulnerability in PostgreSQL CRLF Injection Vulnerability in pg_dump in PostgreSQL Arbitrary Web Script Injection Vulnerability in Frams' Fast File EXchange (F*EX) Heap-based Buffer Overflow in Samba 3.0 Allows Remote Code Execution Arbitrary File Overwrite Vulnerability in systemd-logind Multiple Cross-Site Scripting (XSS) Vulnerabilities in OxWall 1.1.1 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Boonex Dolphin before 7.0.8 Unauthenticated Remote Code Execution in JBoss EAP, EWP, BRMS, and SOA Platforms DWARF Data Read Vulnerability in SystemTap XML Parser Hash Collision Denial of Service Vulnerability PyXML Hash Table Collisions: CPU Usage DoS Vulnerability Improper Group Membership Setting in Paste Script 1.7.5 and Earlier Denial of Service Vulnerability in Linux Kernel's Block Device I/O Implementation Apache Xerces-C++ Denial of Service Vulnerability via Hash Table Collisions Denial of Service (CPU Consumption) Vulnerability in Apache Xerces2 Java Parser Buffer Overflow Vulnerability in yaSSL in MySQL 5.5.x and 5.1.x Privilege Escalation via LD_LIBRARY_PATH in Apache HTTP Server OpenSSL Vulnerability: Million Message Attack (MMA) Adaptive Chosen Ciphertext Attack Denial of Service Vulnerability in Asterisk Open Source 1.8.x and 10.x Arbitrary Web Script Injection in Puppet Dashboard and Enterprise Arbitrary Web Script Injection in Count Per Day WordPress Plugin Absolute Path Traversal Vulnerability in Count Per Day WordPress Plugin JPEG2000 Plugin Buffer Overflow Vulnerability in IrfanView PlugIns Arbitrary File Read Vulnerability in myEASYbackup Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Annuaire PHP's referencement/sites_inscription.php Cross-Site Scripting (XSS) Vulnerabilities in Beehive Forum 1.0.1 Arbitrary Web Script Injection in YouSayToo Auto-Publishing Plugin for WordPress AirTies Air 4450 1.1.2.18 Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Zimbra Desktop 7.1.2 b10978 Denial of Service Vulnerability in VLC Media Player 1.1.11 via Long String in AMR File SQL Injection Vulnerability in deV!L'z Clanportal (DZCP) Gamebase Addon SQL Injection Vulnerability in Moviebase Addon for deV!L'z Clanportal (DZCP) 1.5.5 Arbitrary File Write Vulnerability in NeoAxis NeoAxis Web Player Arbitrary Web Script Injection in SimpleSAMLphp logout.php Arbitrary Script Injection in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 Arbitrary PHP Code Execution in TikiWiki CMS/Groupware Arbitrary SQL Command Execution Vulnerability in Stoneware webNetwork SQL Injection Vulnerability in ICloudCenter ICTimeAttendance 1.0: Remote Code Execution via passw Parameter Arbitrary Web Script Injection via Region Title in Panels Module for Drupal Heap-based Buffer Overflow in RenRen Talk 2.9 via Crafted Skin File Dimensions Remote Code Execution Vulnerability in RenRen Talk 2.9 via Crafted Image in Chat Message Arbitrary Web Script Injection Vulnerability in Hitachi IT Operations Analyzer Unspecified Remote Code Execution Vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite Arbitrary Web Script Injection Vulnerability in Hitachi IT Operations Director Dropbear SSH Server Use-After-Free Vulnerability Arbitrary Code Execution Vulnerability in RealPlayer Remote Code Execution Vulnerability in RealPlayer's RV20 Codec Arbitrary Code Execution Vulnerability in RealPlayer Versions 11.x, 14.x, and 15.x Arbitrary Code Execution Vulnerability in RealPlayer's RV40 Codec Arbitrary Code Execution Vulnerability in RealPlayer's RV10 Codec Arbitrary Code Execution Vulnerability in RealPlayer Arbitrary Code Execution Vulnerability in RealPlayer ATRAC Codec Buffer Overflow Vulnerabilities in Schneider Electric Modicon Quantum PLC Schneider Electric Modicon Quantum PLC XSS Vulnerability Unauthenticated Remote Code Execution Vulnerability in Schneider Electric Modicon Quantum PLC Lead Capture Page System - Cross-Site Scripting (XSS) Vulnerability in admin/login.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in Acidcat CMS 3.5.x Theme Tuner Plugin for WordPress 0.8 - PHP Remote File Inclusion Vulnerability in ajax/savetag.php SQL Injection Vulnerability in Default.aspx in Aryadad CMS Cross-site scripting (XSS) vulnerability in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 in SecurityAuthenticationEventOnmsEventBuilder.java Unrestricted MySQL Queries in WordPress Installation Component Multiple SQL Injection Vulnerabilities in TestLink 1.9.3, 1.8.5b, and Earlier SQL Injection Vulnerabilities in TestLink 1.8.5b and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fortinet FortiGate UTM WAF Appliances with FortiOS 4.3.x before 4.3.6 Buffer Overflow Vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x Arbitrary File Deletion Vulnerability in LightDM 1.0.x and 1.1.x Unauthenticated Package Installation Vulnerability in Aptdaemon Root Privilege Escalation: Arbitrary File Removal Vulnerability Arbitrary Memory Access Vulnerability in NVIDIA UNIX Driver Heap-based buffer overflow in vqa_decode_chunk function in libavcodec allows remote attackers to execute arbitrary code via a crafted VQA media file. Weak Permissions in Update Manager Allow Local Users to Obtain Repository Credentials Information Disclosure Vulnerability in Ubuntu Update Manager Information Disclosure Vulnerability in Update Manager Memory Corruption Vulnerability in NVIDIA Graphics Drivers 29549 Heap Buffer Overflow in Nvidia Linux Driver's Device Control Ioctl Race Condition in Linux Nvidia Graphics Drivers Allows Kernel Memory Exfiltration Incomplete Fix for GnuPG Argument Order Vulnerability in APT Vulnerability: Incorrect TLS Certificate Validation in software-properties/ppa.py Arbitrary Code Execution and File Read Vulnerability in ubiquity-slideshow-ubuntu Information Disclosure Vulnerability in Linux Kernel's override_release Function Exposure of Sensitive Information via Unity Firefox Extension's toDataURL Function Account Information Leakage in Remote Login Service (RLS) 1.0.0 Denial of Service and Remote Code Execution Vulnerability in Unity Integration Extension for Firefox World-readable permissions for /var/log/apt/term.log in Ubuntu Insecure Key Import in Aptdaemon 0.43 SQL Injection Vulnerabilities in OSClass before 2.3.5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in OSClass 2.3.5 and Earlier Arbitrary Web Script Injection Vulnerability in Image Hosting Script DPI Arbitrary Script Injection in SilverStripe 2.4.6 Admin/EditForm Stack-based Buffer Overflow in LuraWave JP2 ActiveX Control Allows Remote Code Execution Remote Code Execution Vulnerability in LuraWave JP2 Browser Plug-In TWiki Cross-Site Scripting (XSS) Vulnerability in User Profile Organization Field SQL Injection Vulnerability in phux Download Manager's download.php phpShowtime 2.0 Directory Traversal Vulnerability SQL Injection Vulnerability in Vastal I-Tech Agent Zone: Arbitrary SQL Command Execution via price_from Parameter SQL Injection Vulnerability in Scriptsez.net Ez Album XOOPS Multiple Cross-Site Scripting (XSS) Vulnerabilities Multiple buffer overflows in Wireless Manager ActiveX control 4.0.0.0 in Sony VAIO PC Wireless LAN Wizard and other related software Multiple Cross-Site Scripting (XSS) Vulnerabilities in ImpressCMS 1.2.x and 1.3.x Directory Traversal Vulnerability in edituser.php in ImpressCMS 1.2.x and 1.3.x Cross-Site Scripting (XSS) Vulnerabilities in KnowledgeTree 3.7.0.2 and Earlier Versions OneOrZero AIMS 2.8.0 Trial Edition XSS Vulnerability in index.php CSRF Vulnerability in DClassifieds 0.1 Final Allows Remote Account Hijacking Directory Traversal Vulnerabilities in OpenEMR 4.1.0 Arbitrary Command Execution in OpenEMR 4.1.0 via fax_dispatch.php Arbitrary PHP Code Execution via Eval Injection in ZENphoto 1.4.2 Arbitrary SQL Command Execution in ZENphoto 1.4.2 Manage Albums Feature Multiple Cross-Site Scripting (XSS) Vulnerabilities in ZENphoto 1.4.2 Directory Traversal Vulnerabilities in 11in1 1.2.1 Stable 12-31-2011 CSRF Vulnerability in 11in1 1.2.1 Allows Remote Authentication Hijacking LEPTON Account Preferences Directory Traversal Vulnerability SQL Injection Vulnerability in LEPTON CMS (modules/news/rss.php) Multiple Cross-Site Scripting (XSS) Vulnerabilities in LEPTON 1.1.3 and Earlier Versions Insecure Authentication Lockout Handling in Limit Login Attempts Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in ahmyi RivetTracker's changeColor function Cross-Site Scripting (XSS) Vulnerability in ahmyi RivetTracker (VDB-217271) Cross-Site Scripting Vulnerability in backdrop-contrib Basic Cart on Drupal (VDB-217950) Cross Site Scripting (XSS) Vulnerability in manikandan170890 php-form-builder-class Critical SQL Injection Vulnerability in ale7714 sigeprosi (VDB-218493) Cross-Site Scripting (XSS) Vulnerability in madgicweb BuddyStream Plugin up to 3.2.7 on WordPress Critical SQL Injection Vulnerability in uakfdotb oneapp (VDB-221483) Critical SQL Injection Vulnerability in 404like Plugin up to 1.0.2 on WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 Cross-Site Request Forgery Vulnerability in BestWebSoft Contact Form 3.21 SQL Injection Vulnerability in HD FLV Player Plugin up to 1.7 on WordPress (VDB-225350) Cross-Site Request Forgery Vulnerability in BestWebSoft Facebook Like Button Plugin Cross-Site Scripting (XSS) Vulnerability in Kau-Boy Backend Localization Plugin up to 1.6.1 Cross-Site Scripting (XSS) Vulnerability in Kau-Boy Backend Localization Plugin 2.0 on WordPress Cross-Site Request Forgery Vulnerability in BestWebSoft Twitter Plugin up to 2.14 on WordPress Information Disclosure Vulnerability in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress Cross-Site Request Forgery Vulnerability in BestWebSoft Portfolio Plugin up to 2.04 on WordPress SQL Injection Vulnerability in OpenConf 4.x before 4.12 in author/edit.php Integer Overflow Vulnerability in Opera 11.60 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Foswiki UI/Register.pm Cross-Site Scripting (XSS) Vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Apache Struts 2.0.14 and 2.2.3 Cross-Site Scripting (XSS) Vulnerabilities in Apache Struts 1.3.10 Denial of Service Vulnerability in OfficeSIP Server 3.1 Denial of Service Vulnerability in NetSarang Xlpd and Xmanager Enterprise Unrestricted File Upload Vulnerability in AllWebMenus Plugin for WordPress Arbitrary PHP Code Execution via AllWebMenus Plugin in WordPress Improper Access Control in MIT Kerberos 5 (krb5) 1.10 before 1.10.1 NULL pointer dereference vulnerability in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 Uninitialized Pointer Dereference and Code Execution Vulnerability in MIT Kerberos 5 Arbitrary Code Execution and Denial of Service Vulnerability in MIT Kerberos 5 Denial of Service Vulnerability in MIT Kerberos 5 PKINIT Implementation Multiple SQL Injection Vulnerabilities in BASE 1.4.5 Arbitrary Web Script Injection in D-Mack Media Currency Converter Joomla! Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in XWiki Enterprise 3.4 Cross-Site Scripting (XSS) Vulnerabilities in NexorONE Online Banking Login Page Arbitrary Web Script Injection in 4images 1.7.10 admin/categories.php SQL Injection Vulnerability in 4images 1.7.10: Remote Code Execution via admin/categories.php Open Redirect Vulnerability in 4images 1.7.10: Remote Phishing Attack via admin/index.php Enigma2 Webinterface 1.5rc1 and 1.5beta4 Directory Traversal Vulnerability Enigma2 Webinterface Absolute Path Traversal Vulnerability SQL Injection Vulnerabilities in XRay CMS 1.1.1 Login2.php Arbitrary Web Script Injection in ]project-open[ Account-Closed.tcl Arbitrary Web Script Injection Vulnerability in SimpleGroupware 0.742 and Earlier Versions SQL Injection Vulnerability in Tube Ace 1.6: Remote Code Execution via q Parameter DotNetNuke 6.x through 6.0.2 User-Assisted Remote Cross-Site Scripting (XSS) Vulnerability Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2 allows remote authenticated users to obtain unauthorized WebAdmins access Euroling SiteSeeker Module 3.x XSS Vulnerability Ghost Domain Names Attack: Resolver Overwrites Cached Server Names and TTL Values in ISC BIND 9 through 9.8.1-P1 Unspecified Cross-Site Scripting (XSS) Vulnerabilities in EPiServer CMS through 6R2 Denial of Service Vulnerability in AdaCore Ada Web Services (AWS) Arbitrary Script Injection in Telerik HTML Editor in DotNetNuke Remote Code Execution in GLPI 0.78-0.80.61 via PHP Remote File Inclusion in front/popup.php WebAAA Login Functionality XSS Vulnerability in Juniper Networks Mobility System Software (MSS) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Dotclear before 2.4.2 Arbitrary Web Script Injection in IBM Cognos TM1 9.5.2 FP1 Arbitrary File Inclusion Vulnerability in Cyberoam Central Console (CCC) 2.00.2 Arbitrary Web Script Injection Vulnerability in eFront Community++ Edition 3.6.10 Cross-Site Scripting (XSS) Vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 Mathopd Directory Traversal Vulnerability XnView JPEG2000 Plug-in Heap-Based Buffer Overflow Vulnerability Remote Code Execution Vulnerability in IvanView 1.2.15 via Crafted JP2 File Improper Group Privilege Management in Puppet SUIDManager Privilege escalation via symlink attack on .k5login in Puppet Heap-based Buffer Overflow in PhotoLine 17.01 and Earlier Versions via Crafted JP2 File Unrestricted Access to Node Titles in Forward Module for Drupal CSRF Vulnerability in Forward Module for Drupal CSRF Vulnerability in Flyspray 0.9.9.6 Allows Remote Admin Account Hijacking Cross-site scripting (XSS) vulnerability in osCommerce Online Merchant 3.0.2 in main.php Cross-Site Scripting (XSS) Vulnerabilities in Taxonomy Module of Drupal GForge Advanced Server 6.0.0 SQL Injection Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in ManageEngine Applications Manager 9.x and 10.x SQL Injection Vulnerabilities in ManageEngine Applications Manager 9.x and 10.x Arbitrary Web Script Injection in EMC RSA Archer SmartSuite Framework and RSA Archer GRC Arbitrary File Creation/Overwrite Vulnerability in TuxScripting.dll Arbitrary Web Script Injection via Title Bar in SmartyCMS 0.9.4 SQL Injection Vulnerability in WP-RecentComments Plugin 2.0.7 for WordPress Arbitrary Script Injection in WP-RecentComments Plugin for WordPress Arbitrary Web Script Injection Vulnerability in lknSupport's Search Module Arbitrary Web Script Injection in Modern FAQ Extension for TYPO3 SQL Injection Vulnerability in Kitchen Recipe Extension for TYPO3 (mv_cooking) Arbitrary SQL Command Execution in TYPO3 Category-System Extension Arbitrary Web Script Injection Vulnerability in TYPO3 Category-System Extension Arbitrary SQL Command Execution in White Papers Extension for TYPO3 Arbitrary SQL Command Execution in TYPO3 Documents Download Extension Arbitrary Code Injection through Cross-Site Scripting (XSS) in TYPO3 Documents Download Extension Arbitrary SQL Command Execution in TYPO3 bc_post2facebook Extension Unprotected Backup Output Directory in TYPO3 System Utilities Extension Unspecified Remote Code Execution Vulnerability in TYPO3 Webservices Extension Euro Calculator Extension 0.0.1 XSS Vulnerability Arbitrary Web Script Injection in Yet Another Google Search Extension for TYPO3 Arbitrary Web Script Injection in Terminal PHP Shell Extension for TYPO3 CSRF Vulnerability in Terminal PHP Shell Extension for TYPO3 Arbitrary Web Script Injection in TYPO3 BE User Switch Extension Unspecified Information Disclosure Vulnerability in BE User Switch Extension for TYPO3 Arbitrary Web Script Injection in TYPO3 UrlTool Extension (aeurltool) 0.1.0 Arbitrary Code Injection through TYPO3 Facebook Extension Local Privilege Escalation via Symlink Attack in iproute2 Apache Wicket Directory Traversal Vulnerability Denial of Service Vulnerability in Linux Kernel's cifs_lookup Function Privilege Escalation Vulnerability in Debian x11-common Package Vulnerability: Exposed Root Context in JBoss AS 7 and mod_cluster Arbitrary Command Execution Vulnerability in osc before 0.134 Local Privilege Escalation in NetworkManager 0.9 and Earlier: Unauthorized Access to Certificates and Private Keys Linux Kernel regset Feature NULL Pointer Dereference Vulnerability Cross-site scripting (XSS) vulnerability in Ruby on Rails versions 3.0.x to 3.2.x Cross-site scripting (XSS) vulnerability in Ruby on Rails select helper LDAP Authentication Bypass Vulnerability in Red Hat JBoss Operations Network (JON) Denial of Service Vulnerability in systemd 37-1 XML::Atom Perl Module XML External Entity (XXE) Vulnerability Arbitrary File Read Vulnerability in Notmuch Emacs Interface Security Bypass Vulnerability in phpCAS 1.2.2 Library: Proxy Service Management Insecure Debug Logging in Jasig Project php-pear-CAS 1.2.2 Package Improper Group Permissions on Core Dump Files in ABRT C Handler Plug-in Denial of Service Vulnerability in TagLib 1.7 and Earlier Denial of Service Vulnerability in TagLib's parse function Denial of Service Vulnerability in mwlib 0.13 through 0.13.4 when Parsing #iferror Magic Functions Multiple Cross-Site Scripting (XSS) Vulnerabilities in Etano 1.22 and Earlier Improper File Descriptor Handling in lightdm before 1.0.9 Arbitrary File Inclusion Vulnerability in Open-Realty CMS 2.5.8 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Gallery 2 and 3 Administration Subsystem LDAP Account Manager (LAM) Pro 3.6 XSS Vulnerability LDAP Account Manager (LAM) Pro 3.6 Cross-Site Scripting (XSS) Vulnerability Arbitrary SQL Command Execution Vulnerability in Joomla! 1.7.x and 2.5.x Arbitrary Web Script Injection Vulnerability in Joomla! 2.5.0 and 2.5.1 Bypassing Access Restrictions in MantisBT Lack of Audit Trail for Bug Report Copying in MantisBT before 1.2.9 Arbitrary Bug Deletion Vulnerability in MantisBT SOAP API Vulnerability: Unauthorized Modification and Deletion of Global Categories in MantisBT Improper Access Control in MantisBT Bug Moving Vulnerability Authentication Bypass Vulnerability in MantisBT SOAP API SQL Injection Vulnerability in phxEventManager 2.0 beta 5: Remote Code Execution via search_terms Parameter Arbitrary Code Execution via Unrestricted File Upload in Kish Guest Posting Plugin for WordPress Arbitrary Code Execution and Denial of Service Vulnerability in FreeType Remote Code Execution via Crafted BDF Font in FreeType Remote Code Execution via Crafted TrueType Font in FreeType Remote Code Execution via Crafted SFNT String in Type 42 Font Remote Code Execution via Crafted Property Data in PCF Font Remote Code Execution via Font Cell Table Vulnerability Type 1 Font Parsing Vulnerability in FreeType Remote Code Execution via Crafted BDF Font in FreeType Type 1 Font Remote Code Execution Vulnerability Remote Code Execution and Denial of Service Vulnerability in FreeType Remote Code Execution via Crafted BDF Font in FreeType Remote Code Execution via Crafted BDF Font Header in FreeType Remote Code Execution via MIRP Instruction in FreeType Array Index Error in FreeType: Remote Code Execution via Crafted Glyph Data in BDF Font Remote Code Execution via Crafted PostScript Font Object Remote Code Execution via Crafted ASCII String in BDF Font Remote Code Execution via Crafted Glyph-Outline Data in FreeType Denial of Service Vulnerability in FreeType Remote Code Execution via Crafted TrueType Font in FreeType Denial of Service Vulnerability in spacewalk-backend in Red Hat Network Satellite 5.4 Multiple Event Registration Vulnerability in Linux Kernel Denial of Service Vulnerability in Expat's readfilemap.c Memory Leak in expat's poolGrow Function Allows Denial of Service Integer Overflow in vclmi.dll Module in OpenOffice.org and LibreOffice Hash Collision Vulnerability in Python Format string vulnerabilities in DBD::Pg module allow remote PostgreSQL servers to cause denial of service Format string vulnerabilities in YAML::LibYAML module 0.38 for Perl Arbitrary Code Execution via Unrestricted File Upload in appRain CMF 0.1.5 and Earlier Root Context Exposure Vulnerability in mod_cluster 1.0.10 and 1.1.x Moodle Database Activity Export Permission Issue Inclusion of Users' Private Files in Course Backups in Moodle before 2.2.2 Default Repository Access Vulnerability in Moodle 2.2.2 and earlier versions Course Information Leak in Gradebook: Hidden Grade Items Exposed in Export (Moodle < 2.2.2) Hidden Course Disclosure Vulnerability in Moodle before 2.2.2 Unenrolled Users Can Manipulate Forum Subscriptions in Moodle before 2.2.2 Hidden courses leak in Moodle tag search results Heap-based Buffer Overflow in libzip 0.10's _zip_readcdir Function Arbitrary Code Execution and Information Leak via Integer Overflow in libzip 0.10 Denial of Service in OpenLDAP 2.4.30 due to Assertion Failure NULL pointer dereference vulnerability in OpenSSL before 0.9.8u and 1.x before 1.0.0h in mime_param_cmp function Arbitrary Command Execution via Default Keybindings in LTSP Display Manager (ldm) 2.2.x before 2.2.7 Arbitrary Application Access Vulnerability in JBoss Server Password Reset Vulnerability in Moodle before 2.2.2 Personal Information Disclosure in Moodle 2.2.2 and earlier versions Insufficient Capability Checks in Moodle External Enrolment Plugin Remote File Read Vulnerability in PHP 5.x via libxml RSHUTDOWN Function Invalid Character Handling Vulnerability in PHP File-Upload Implementation Heap-based Buffer Overflow in LibTIFF 3.9.4 due to Integer Overflows in tiff_getimage.c Symlink Attack Vulnerability in systemd-logind Allows Arbitrary File Deletion Integer Overflow in GnashImage::size Method in GNU Gnash 0.8.10 Buffer Overflow in fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 SSL Certificate Validation Bypass in libgdata Denial of Service Vulnerability in MSN Protocol Plugin in Pidgin Denial of Service Vulnerability in Linux Kernel with KVM Remote Information Disclosure Vulnerability in nginx Denial of Service Vulnerability in mod_fcgid module 2.3.6 Remote Code Execution Vulnerability in Samba RPC Code Generator Stack-based buffer overflow in milliwatt_generate function in Asterisk application before 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1 allows remote attackers to cause denial of service. Stack-based Buffer Overflow in ast_parse_digest function in Asterisk 1.8.x and 10.x before 10.2.1 Integer Overflow in ResolutionUnit Tag in ImageMagick 6.7.5 and Earlier Integer Overflow in SyncImageProfiles Function in ImageMagick 6.7.5-8 and Earlier Allows Remote DoS Improper Dropping of Extra Group Privileges in Bitlbee's unix.c Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fork CMS before 3.2.7 Stack-based Buffer Overflow in TORCS and Speed Dreams Allows Arbitrary Code Execution Arbitrary Web Script Injection in phpMyAdmin Replication-Setup Functionality Ghost Domain Names Attack: DNS Resolver in djbdns 1.05 Overwrites Cached NS Records and TTL Values Ghost Domain Names Attack Vulnerability in Unbound DNS Resolver Ghost Domain Names Attack: Exploiting Resolver Overwrite Vulnerability in PowerDNS Recursor 3.3 Ghost Domain Names Attack: DNS Resolver Vulnerability in Windows Server 2008 Arbitrary Code Execution via Unrestricted File Upload in Lenovo ThinkManagement Console 9.0.3 Arbitrary File Deletion Vulnerability in Lenovo ThinkManagement Console 9.0.3 Arbitrary Code Execution via Integer Overflow in ACDSee 14.1 Build 137 Arbitrary Code Execution Vulnerability in BASE 1.4.5 via File Upload and Access Multiple PHP Remote File Inclusion Vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 Multiple PHP Remote File Inclusion Vulnerabilities in Nova CMS CSRF Vulnerability in SyndeoCMS 3.0 and Earlier Allows Unauthorized User Account Creation Remote File Inclusion Vulnerability in Relocate Upload Plugin for WordPress Heap-based buffer overflow in Hancom Office 2010 SE 8.5.5 due to integer overflows in image filter modules Directory Traversal Vulnerability in Fork CMS 3.2.4 and Earlier Versions Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fork CMS 3.2.4 and Earlier Versions Arbitrary Web Script Injection Vulnerability in Fork CMS 3.2.4 SQL Injection Vulnerability in Powie pFile 1.02: Remote Code Execution via id Parameter Arbitrary Web Script Injection in Powie pFile 1.02 via pfile/kommentar.php Cross-site scripting (XSS) vulnerability in smwfOnSfSetTargetName function in SMW+ 1.5.6 and earlier Arbitrary Web Script Injection in Zimbra Web Client Arbitrary Script Injection in Yoono Desktop Application's Add Friends Module Cross-site scripting (XSS) vulnerability in Yoono extension's Add friends module allows remote code injection via Create a group action. CSRF Vulnerabilities in PBBoard 2.1.4 Admin Panel Allow Remote Authentication Hijacking Multiple Cross-Site Scripting (XSS) Vulnerabilities in STHS v2 Web Portal 2.2 SQL Injection Vulnerabilities in freelancerKit 2.35: Remote Code Execution via Notes and Tickets Components Multiple Cross-Site Scripting (XSS) Vulnerabilities in freelancerKit 2.35 CSRF Vulnerability in GAzie 5.20 and Earlier Allows Account Hijacking Telnet Server Directory Traversal Vulnerability in RabidHamster R2/Extreme 1.65 and Earlier Remote Code Execution Vulnerability in RabidHamster R2/Extreme 1.65 and Earlier Insufficient PIN Number Search Space in RabidHamster R2/Extreme 1.65 and Earlier ContentLion Alpha 1.3 Login Page XSS Vulnerability SQL Injection Vulnerabilities in Dolibarr CMS 3.2.0 Alpha and Earlier Directory Traversal Vulnerabilities in Dolibarr CMS 3.2.0 Alpha CSRF Vulnerabilities in Pluck 4.7 Admin Panel SQL Injection Vulnerability in Advantech/BroadWin WebAccess 7.0 Incomplete Fix for Cross-Site Request Forgery (CSRF) Vulnerability in Advantech/BroadWin WebAccess 7.0 Janetter before 3.3.0.0 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities CSRF Vulnerability in SENCHA SNS Allows Remote User Hijacking Session Fixation Vulnerability in SENCHA SNS before 1.0.2: Remote Session Hijacking Authentication Bypass Vulnerability in TOSHIBA TEC e-Studio MFP Devices Unspecified Cross-Site Scripting (XSS) Vulnerability in RECRUIT Dokodemo Rikunabi 2013 Extension for Google Chrome Arbitrary Ruby Code Execution in ActiveScriptRuby (ASR) via Crafted HTML Document Untrusted Search Path Vulnerability in JustSystems Ichitaro Software Improper WebView Implementation in TwitRocker2 Android App Allows Information Disclosure Vulnerability: SSL Certificate Verification Bypass in NTT DOCOMO sp mode mail application Arbitrary Web Script Injection in OSQA Cleanup URLs Function Arbitrary Web Script Injection via Crafted Cookie in KENT-WEB WEB MART 1.7 and Earlier Arbitrary Web Script Injection via CSS Expressions in KENT-WEB WEB MART 1.7 and Earlier Session Hijacking Vulnerability in baserCMS 1.6.15 and earlier Sensitive Information Disclosure in iLunascape Android App Authentication Bypass Vulnerability in Logitec LAN-W300N/R Routers X.509 Certificate Verification Vulnerability in Opera before 9.63 Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote code injection via malicious feeds XSS Vulnerability in Roundcube Webmail Allows Remote Code Injection via Embedded Image Attachment Unspecified Cross-Site Scripting (XSS) Vulnerability in Segue 2.2.10.2 and Earlier Arbitrary SQL Command Execution Vulnerability in Segue 2.2.10.2 and Earlier Bypassing Authentication in EasyVista Single Sign-On Implementation Cleartext Communication Vulnerability in Pidgin 2.10.0 via DBUS Arbitrary User Account Creation with Administrator Privileges in Plixer International Scrutinizer NetFlow & sFlow Analyzer Multiple SQL Injection Vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer Cross-site scripting (XSS) vulnerability in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204 and earlier versions Arbitrary Web Script Injection in Plixer International Scrutinizer NetFlow and sFlow Analyzer Arbitrary Web Script Injection in Movable Type's mt-wizard.cgi Arbitrary Code Execution Vulnerability in Gretech GOM Media Player Hardcoded Credentials Vulnerability in UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock Device Directory Traversal Vulnerabilities in SAP NetWeaver 7.0 Arbitrary Web Script Injection Vulnerability in SAP NetWeaver 7.0 Unspecified Information Disclosure Vulnerability in SAP NetWeaver 7.0 Information Disclosure Vulnerability in SAP NetWeaver MessagingSystem Servlet Cross-Site Scripting (XSS) Vulnerabilities in Frams' Fast File EXchange (F*EX) SQL Injection Vulnerability in CONTIMEX Impulsio CMS: Remote Code Execution via id Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in Elefant CMS 1.0.x and 1.1.x CSRF Vulnerabilities in Contao (TYPOlight) 2.11.0 and Earlier Allow Remote Authentication Hijacking Remote Proxy Vulnerability in Umbraco 4.7.0 FeedProxy.aspx Script Cross-Site Scripting (XSS) Vulnerabilities in amMap 2.6.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in amCharts Flash 1 CSRF Vulnerability in D-Link DSL-2640B Firmware EU_4.00 Allows Password Hijacking Zone-Based Firewall Memory Leak Vulnerability in Cisco IOS 12.4, 15.0, 15.1, and 15.2 Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCts80643) Denial of Service Vulnerability in Cisco IOS 15.1 and 15.2 (Bug IDs CSCtq64987 and CSCtu57226) Privilege Escalation Vulnerability in Cisco UCS PALO Adapter Card (Bug ID CSCub13772) Denial of Service Vulnerability in Cisco IOS 15.1 and 15.2 (Bug ID CSCtt45381) SIP Inspection Memory Leak Vulnerability in Cisco IOS Certificate Revocation Check Bypass in Cisco IronPort Web Security Appliance: A Potential Gateway for MITM Attacks Cisco IOS Multicast Denial of Service Vulnerability Zone-Based Firewall Denial of Service Vulnerability in Cisco IOS 15.1 and 15.2 Certificate Authority Basic Constraints Validation Vulnerability in Cisco IronPort Web Security Appliance 7.5 and earlier Denial of Service Vulnerability in Cisco IOS 12.3, 12.4, 15.0, and 15.1 (Bug ID CSCtt94391) Privilege Escalation Vulnerability in Cisco Unified IP Phones 9900 Series (Firmware 9.1 and 9.2) Remote Code Execution Vulnerability in Cisco WebEx Recording Format (WRF) Player Remote Code Execution Vulnerability in Cisco WebEx Recording Format (WRF) Player Remote Code Execution Vulnerability in Cisco WebEx Recording Format (WRF) Player Denial of Service Vulnerability in Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 Series Switches (Bug ID CSCts88664) Denial of Service Vulnerability in Cisco UCS 2.0 Fabric Interconnect Component (Bug ID CSCtt94543) Denial of Service Vulnerability in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 Series Switches (Bug ID CSCtn93151) ACL Bypass Vulnerability in Cisco CRS 3.9, 4.0, and 4.1 Denial of Service Vulnerability in Cisco IOS SSL VPN Portal Refresh (Bug ID CSCtr86328) Denial of Service Vulnerability in Cisco Emergency Responder 8.6 and 9.2 (Bug ID CSCtx38369) Password Hash Disclosure Vulnerability in Cisco WAAS Appliances Denial of Service Vulnerability in Cisco IOS 12.3 and 12.4 on Aironet Access Points (Bug ID CSCtc12426) Denial of Service Vulnerability in Cisco Nexus 5000 Series Switches (Bug ID CSCts46521) Crosstalk Information Leakage in Cisco IOS 15.1 and 15.2 with MMoH Enabled (Bug ID CSCtx77750) Denial of Service Vulnerability in Cisco Unified Computing System (UCS) 1.4 and 2.0 Denial of Service Vulnerability in Cisco Unified Computing System (UCS) 1.4 and 2.0 Denial of Service Vulnerability in Cisco IOS on ASR 1000 Devices with MLD Tracking Enabled Denial of Service Vulnerability in Cisco IOS MallocLite Implementation (Bug ID CSCtq06538) Denial of Service Vulnerability in Cisco AnyConnect Secure Mobility Client 3.0 Unspecified Vulnerability in NetEaseWeibo Android App with Unknown Impact Unspecified Vulnerability in NetEase CloudAlbum Android App Unspecified Vulnerability in Youdao Dictionary Android App Unspecified Vulnerability in NetEase Reader Android App Unspecified Vulnerability in NetEase Pmail Android App with Unknown Impact Unspecified Vulnerability in NetEase WeiboHD Android App Unspecified Vulnerability in YouMail Visual Voicemail Plus App for Android Unspecified Vulnerability in RealTalk Android App with Unknown Impact and Attack Vectors Unspecified Vulnerability in XiXunTianTian Android App (Version 0.6.2 Beta) Unspecified Vulnerability in Di Long Weibo App for Android Unspecified vulnerability in Miso (com.bazaarlabs.miso) Android app version 2.2 Unspecified Vulnerability in mOffice - Outlook Sync (com.innov8tion.isharesync) Android App Unspecified Vulnerability in Dolphin Browser HD for Android Unspecified Vulnerability in GO SMS Pro for Android with Unknown Impact and Attack Vectors Unspecified vulnerability in GO Email Widget for Android Unspecified vulnerability in GO TwiWidget for Android with unknown impact and attack vectors Unspecified Vulnerability in GO FBWidget for Android with Unknown Impact Unspecified Vulnerability in GO QQWeiboWidget for Android Unspecified Vulnerability in GO WeiboWidget Application for Android Unspecified Vulnerability in U+Box 2.0 for Android with Unknown Impact and Attack Vectors Unspecified Vulnerability in U+Box 2.0 Pad Application for Android Unspecified vulnerability in CamScanner for Android with unknown impact and attack vectors Unspecified Vulnerability in QianXun YingShi Android App Unspecified Vulnerability in Dolphin Browser CN for Android with Unknown Impact and Attack Vectors Unspecified Vulnerability in Dolphin Browser Mini (com.dolphin.browser) for Android with Unknown Impact and Attack Vectors Unspecified Vulnerability in GO Note Widget for Android Unspecified Vulnerability in GO Bookmark Widget for Android Unspecified vulnerability in GO Message Widget for Android with unknown impact and attack vectors Unspecified Vulnerability in App Lock (com.cc.applock) Android Application Unspecified Vulnerability in Tiny Password Android App with Unknown Impact Cross-Site Scripting (XSS) Vulnerabilities in Kadu History Window Implementation Arbitrary Web Script Injection in Zen Cart Installation CSRF Vulnerability in Plume CMS 1.2.4 and Earlier: Unauthorized News Page Creation Cross-Site Request Forgery (CSRF) Vulnerability in DFLabs PTK 1.0.5 and Earlier Cross-Site Request Forgery (CSRF) Vulnerabilities in SocialCMS 1.0.2 Allow Remote Authentication Hijacking Yealink VOIP Phones: Remote XSS Injection in Local Phone book and Blacklist Form Unspecified Vulnerabilities in Google Chrome on Acer AC700, Samsung Series 5, and Cr-48 Chromebook Platforms Bypassing Malware Detection in ClamAV and Quick Heal via POSIX TAR File Remote Code Execution Vulnerability in Multiple Antivirus Software Bypassing Malware Detection in Quick Heal, Norman Antivirus, Rising Antivirus, and Symantec Endpoint Protection Bypassing Malware Detection in Quick Heal, NOD32, Norman, and Rising Antivirus Vulnerability: Remote Bypass of Malware Detection in TAR File Parser Remote Code Execution Vulnerability in Multiple Antivirus Software Bypassing Malware Detection in TAR File Parser Remote Code Execution via TAR File Parser in Multiple Antivirus Software Remote Code Execution Vulnerability in TAR File Parser Remote Code Execution Vulnerability in TAR File Parser Remote Code Execution Vulnerability in Multiple Antivirus Software due to ELF File Parsing Remote Code Execution Vulnerability in Multiple Antivirus Software Remote Code Execution Vulnerability in Multiple Antivirus Software Bypassing Malware Detection in Microsoft EXE File Parser Bypassing Malware Detection in Microsoft EXE File Parser Bypassing Malware Detection in Microsoft EXE File Parser Bypassing Malware Detection in Microsoft EXE File Parser Bypassing Malware Detection in Microsoft EXE File Parser Bypassing Malware Detection in Comodo Antivirus 7425 via Microsoft Office File Parser Vulnerability Bypassing Malware Detection in Microsoft Office File Parser Vulnerability: Bypassing Malware Detection in ELF File Parser Vulnerability: Bypassing Malware Detection in ELF File Parser Bypassing Malware Detection in Microsoft EXE File Parser Remote Code Execution via Modified Class Field in ELF File Parser User-assisted remote bypass vulnerability in multiple antivirus software Vulnerability: Bypassing Malware Detection in ELF File Parser Vulnerability: Bypassing Malware Detection in ELF File Parser Vulnerability: Bypassing Malware Detection in ELF File Parser Remote Code Execution Vulnerability in Multiple Antivirus Software CAB File Parser Vulnerability in Multiple Antivirus Software CAB File Parser Vulnerability in NOD32 Antivirus and Rising Antivirus CAB File Parser Vulnerability in Multiple Antivirus Software CAB File Parser Vulnerability in Emsisoft Anti-Malware and Ikarus Virus Utilities CAB File Parser Vulnerability in Emsisoft Anti-Malware, Ikarus Virus Utilities, and Quick Heal CAB File Parser Vulnerability in Multiple Antivirus Software Remote Code Execution via Modified ELF ei_version Field CAB File Parser Vulnerability in NOD32 Antivirus and Rising Antivirus Vulnerability: Bypassing Malware Detection in TAR File Parser TAR File Length Field Bypass Vulnerability Bypassing Malware Detection in Microsoft CHM File Parser Vulnerability: Remote Bypass of Malware Detection in TAR File Parser Remote Code Execution via Gzip File Parser in Multiple Antivirus Software Bypassing Malware Detection via Multiple Compressed Streams in Gzip Parser Vulnerability: ZIP File Parser Bypass in Multiple Antivirus Software Vulnerability: Remote Bypass of Malware Detection in Multiple Antivirus Software Information Disclosure Vulnerability in NetMechanica NetDecision Dashboard Server Stack-based Buffer Overflow in NetMechanica NetDecision HTTP Server Information Disclosure Vulnerability in NetMechanica NetDecision Traffic Grapher Server Directory Traversal Vulnerabilities in iBrowser Plugin Library of Open Journal Systems Arbitrary Code Execution Vulnerability in Open Journal Systems before 2.3.7 Cross-Site Scripting (XSS) Vulnerabilities in Open Journal Systems before 2.3.7 Cross-Site Scripting (XSS) Vulnerabilities in ocPortal code_editor.php Directory Traversal Vulnerability in ocPortal catalogue_file.php (CVE-XXXX-XXXX) Arbitrary File Read and Denial of Service Vulnerability in VMware vCenter Chargeback Manager (CBM) Unspecified Vulnerability in Youni SMS Application for Android Unspecified vulnerability in YagattaTalk Messenger for Android with unknown impact and attack vectors Unspecified Vulnerability in KKtalk Android App with Unknown Impact and Attack Vectors Unspecified Vulnerability in Cnectd (mci.cnectd) Android App 3.1.0 Unspecified Vulnerability in UCMobile BloveStorm Application for Android Unspecified Vulnerability in AContact Application for Android Unspecified Vulnerability in Pansi SMS Application for Android Unspecified vulnerability in Textdroid (com.app.android.textdroid) app 2.5.2 for Android Unspecified vulnerability in TouchPal Contacts app for Android with unknown impact and attack vectors Unspecified Vulnerability in Message Forwarder App for Android Unspecified Vulnerability in WaliSMS CN Application for Android Unspecified Vulnerability in NetFront Life Browser for Android Insecure SSH Key Management in F5 BIG-IP Appliances and Enterprise Manager Arbitrary Code Execution in WebCalendar before 1.2.5 via form_single_user_login parameter WebCalendar 1.2.5 and Earlier: Local File Inclusion Vulnerability Directory Traversal Vulnerability in Movable Type Template-Designer Role Cross-Site Request Forgery (CSRF) Vulnerabilities in Webfolio CMS 1.1.4 and Earlier JPEG 2000 Codec Remote Code Execution Vulnerability Stored XSS Vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 Double Free Vulnerability in PyPam Allows Remote Code Execution Arbitrary Script Injection in Six Apart Movable Type Pro 5.13 Comment Section SQL Injection Vulnerability in OrangeHRM 2.7: Remote Code Execution via hspSummaryId Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in OrangeHRM before 2.7 XPDM Display Driver Vulnerability in VMware ESXi, ESX, and VMware View Buffer Overflow in VMware View XPDM Display Driver Buffer Overflow Vulnerability in VMware ESXi and ESX Display Driver Arbitrary Code Injection through Crafted URLs in VMware View Manager Portal Arbitrary Web Script Injection Vulnerability in vSphere Client Sensitive Information Disclosure in VMware vCenter Orchestrator Web Configuration Tool CSRF Vulnerability in VMware vShield Manager: User Authentication Hijacking Port-based I/O Operations Vulnerability in VMware ESXi and ESX VMware ESXi and ESX RPC Command Handling Vulnerability VMware ESXi and ESX VMX Process RPC Command Handling Vulnerability Incorrect ACL for VMware Tools folder allows privilege escalation in VMware products Arbitrary Code Execution and Denial of Service Vulnerability in WebKit XML Parser Use-After-Free Vulnerability in Google Chrome Cached Object Remote Code Execution Vulnerability in Microsoft Internet Explorer 9 Center Element Remote Code Execution Vulnerability Attribute Remove Remote Code Execution Vulnerability in Microsoft Internet Explorer 9 Heap-based Buffer Overflow in Adobe Reader and Acrobat Layout Memory Corruption Vulnerability in Microsoft Internet Explorer 6 and 7 Windows Briefcase Integer Underflow Vulnerability Windows Briefcase Integer Overflow Vulnerability OnMove Use After Free Vulnerability in Microsoft Internet Explorer 8 and 9 Heap-based Buffer Overflow in Adobe Reader and Acrobat XSLT Engine Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability Remote Code Execution Vulnerability in Adobe Flash Player DirectPlay Heap Overflow Vulnerability CFormElement Use After Free Vulnerability in Microsoft Internet Explorer 9 CTreePos Use After Free Vulnerability in Microsoft Internet Explorer 9 Unspecified Remote Code Execution Vulnerability in Java Runtime Environment (JRE) Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier Protected Mode Bypass and Memory Corruption Vulnerability in Microsoft Internet Explorer Arbitrary Web Script Injection in Synology Photo Station 5 for DSM 3.2-1955 SQL Injection Vulnerability in Parallels Plesk Panel 7.x-10.3.x NULL Pointer Dereference Denial of Service in yaSSL CyaSSL Cross-site scripting (XSS) vulnerability in Drupal Finder module before 6.x-1.26 and 7.x-2.0-alpha8 Unauthenticated Password Change Vulnerability in Joomla! Core Joomla! Admin Account Creation Vulnerability Arbitrary Web Script Injection Vulnerability in YVS Image Gallery Administration Panel Unspecified Insecure Direct Object Reference Vulnerability in ez Publish 4.1.4 - 4.6 mintNanny in LinuxMint 2012-03-19: Temporary File Creation Vulnerabilities Temporary File Creation Vulnerabilities in LinuxMint's mintUpdate Shared Library ASLR Bypass Vulnerability Heap Memory Corruption and Application Crash Vulnerability in GNU Libtasn1 Ghost Domain Names Attack Vulnerability Denial of Service Vulnerability in File and libmagic with Crafted CDF File Stack Exhaustion Vulnerability in OpenStack Keystone Heap Memory Corruption and Application Crash in GnuTLS due to Improper Handling of Encrypted Data Arbitrary User Impersonation Vulnerability in Apache Hadoop Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cumin before r5238 Improper Cleanup of CertFP Entries in Atheme Allows Account Access and Denial of Service OpenBSD's random.c Vulnerability: Seeding with 0 Returns 0 Cross-Site Request Forgery Vulnerabilities in MediaWiki Allow User Authentication Hijacking Sensitive Information Disclosure in MediaWiki Resource Loader CSRF vulnerability in MediaWiki Special:Upload allows remote file upload Weak Random Number Generation in MediaWiki Password Reset Tokens Arbitrary Script Injection Vulnerability in MediaWiki's Wikitext Parser Double Free Vulnerability in xfrm6_tunnel_rcv Function in Linux Kernel Integer Overflow in TagLib's mid Function in toolkit/tbytevector.cpp Denial of Service Vulnerability in OpenStack Compute (Nova) Essex Information Disclosure Vulnerability in mount.cifs Denial of Service Vulnerability in Drupal 7.x _filter_url Function Open Redirect Vulnerability in Drupal 7.x Form API Allows for Phishing Attacks Unpublished Forum Post Information Disclosure Vulnerability in Drupal 7.x before 7.14 Improper Permission Checking in Drupal 7.x Image Module Arbitrary File Execution Vulnerability in Apache Struts2 NULL Pointer Dereference and Application Crash Vulnerability in Wireshark ANSI A Dissector Denial of Service Vulnerability in Wireshark 1.6.x IEEE 802.11 Dissector Denial of Service Vulnerability in Wireshark's pcap_process_pseudo_header Function Denial of Service Vulnerability in Wireshark MP2T Dissector Arbitrary Web Script Injection Vulnerability in eZ Publish Unspecified Impact and Attack Vectors: Insufficient Randomness and Password Reset Vulnerability in Joomla! 1.5.x Joomla! 1.5.x Permission Check Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in phpPgAdmin Functions.php KVM Implementation Denial of Service Vulnerability Authentication Bypass Vulnerability in NextBBS 0.6 Multiple SQL Injection Vulnerabilities in NextBBS 0.6's ajaxserver.php Arbitrary Web Script Injection Vulnerability in NextBBS 0.6 Untrusted Data Unserialization Vulnerability in TYPO3 Extbase Framework Arbitrary Web Script Injection in TYPO3 Backend Information Disclosure Vulnerability in TYPO3 CLI Script Arbitrary Web Script Injection Vulnerability in TYPO3's t3lib_div::RemoveXSS API Method Integer Overflow in GetEXIFProperty Function in ImageMagick Joomla! 2.5.x Permission Check Vulnerability Arbitrary Code Injection through Unspecified Vectors in Joomla! 2.5.x Update Manager Arbitrary Script Injection in Coppermine Photo Gallery 1.5.20 Information Disclosure Vulnerability in Coppermine Photo Gallery Privilege Escalation Vulnerability in Fedoraproject Sectool: Incorrect DBus File Use-after-free vulnerability in icclib before 2.13 allows remote code execution via crafted ICC profile file Arbitrary File Upload Vulnerability in combine.php in OSClass before 2.3.6 SQL Injection Vulnerability in PostgreSQL JDBC Driver Vulnerability: Information Disclosure via XRaiseWindow Event in slock 0.9 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Apache OFBiz 10.04.x Arbitrary Code Execution Vulnerability in Apache OFBiz 10.04.x before 10.04.02 Unrestricted Access to Registration Code List in Drupal Registration Codes Module Cross-Site Scripting (XSS) Vulnerabilities in Lingotek Module for Drupal Eval Injection Vulnerability in Fill PDF Module for Drupal SQL Injection Vulnerability in Date Module for Drupal Arbitrary Web Script Injection Vulnerability in Vote Up/Down Module for Drupal SuperCron Module for Drupal XSS Vulnerability Arbitrary Code Injection Vulnerability in Taxotouch Module for Drupal Arbitrary Code Injection Vulnerability in Drupal Taxonomy Navigator Module CSRF Vulnerability in Admin:hover Module for Drupal Allows Unauthorized Node Unpublishing Arbitrary Web Script Injection Vulnerability in Password Policy Module for Drupal CSRF Vulnerability in Drupal Password Policy Module Arbitrary Script Injection in Video Filter Module for Drupal Vulnerability: Access Bypass in Revisioning Module for Drupal CSRF Vulnerability in Drupal Stickynote Module Allows Unauthorized Deletion of Stickynotes Quick Tabs module XSS vulnerability in Drupal SQL Injection Vulnerability in Drupal Search Autocomplete Module Cross-Site Scripting (XSS) Vulnerabilities in Drupal Commerce Module Cross-Site Scripting (XSS) Vulnerabilities in Managesite Module for Drupal Arbitrary PHP Code Execution in Drupal Finder Module Improper Access Permissions in Link Checker Module for Drupal Unrestricted Access Permissions Vulnerability in Faster Permissions Module for Drupal Vulnerability: Unauthorized Modification of Group Vocabularies in Organic Groups (OG) Vocabulary Module for Drupal Arbitrary PHP File Read Vulnerability in Drupal CDN Module Cross-Site Scripting (XSS) Vulnerabilities in Drupal FAQ Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in OSM Player PHP Application Arbitrary Web Script Injection Vulnerability in Cool Aid Module for Drupal Arbitrary Page Modification Vulnerability in Cool Aid Module for Drupal Access Bypass Vulnerability in ZipCart Module for Drupal Arbitrary Code Injection through Submenu Tree Module in Drupal Arbitrary Script Injection in Hierarchical Select Module for Drupal Arbitrary Script Injection in Taxonomy Views Integrator (TVI) Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Data Module for Drupal Unspecified Account Credential Disclosure Vulnerability in UC PayDutchGroup / WeDeal Payment Module for Drupal Arbitrary SQL Command Execution Vulnerability in Multisite Search Module for Drupal Block Class Module XSS Vulnerability Arbitrary Script Injection Vulnerability in Read More Link Module for Drupal Arbitrary Script Injection Vulnerability in Node Recommendation Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Webform Module for Drupal Unprompted Execution of VBA Macros in ESRI ArcMap and ArcGIS Denial of Service Vulnerability in CA ARCserve Backup Double free vulnerability in libgnutls in GnuTLS before 3.0.14: Remote Denial of Service and Possible Other Impacts via Crafted Certificate List Multiple Cross-Site Scripting (XSS) Vulnerabilities in osCMax Admin Panel Multiple SQL Injection Vulnerabilities in osCMax Admin Panel Untrusted Search Path Vulnerability in VMware Tools Denial of Service and Information Disclosure Vulnerability in ISC BIND 9.x Arbitrary File Inclusion Vulnerability in phpMoneyBooks 1.0.3 Remote Database Read Vulnerability in PHP Grade Book before 1.9.5 BETA Arbitrary File Inclusion Vulnerability in phpPaleo 4.8b155 and Earlier SQL Injection Vulnerability in getcity.php in Hotel Booking Portal 0.1 SQL Injection Vulnerability in e-ticketing Login Script Unspecified integrity vulnerability in Siebel Clinical component in Oracle Industry Applications TNS Poison: Remote Execution of Arbitrary Database Commands Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Remote Integrity Vulnerability in Oracle Application Server Single Sign-On Component Unspecified Confidentiality Vulnerability in JD Edwards EnterpriseOne Tools Unspecified Integrity Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Local Denial of Service Vulnerability in Oracle Sun Solaris Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier Unspecified vulnerability in Oracle Sun Solaris: Local User Confidentiality, Integrity, and Availability Impact via gssd Unspecified vulnerability in Oracle Sun Solaris: Local User Impact on Confidentiality, Integrity, and Availability via Password Policy Unspecified Remote Integrity Vulnerability in Oracle Virtualization 4.6 Unspecified Remote Integrity Vulnerability in Oracle Business Intelligence Enterprise Edition Local Privilege Escalation Vulnerability in Oracle Solaris 10 and 11 via Logical Domains (LDOM) Unspecified Remote Code Execution Vulnerability in MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Local Privilege Escalation Vulnerability in Oracle Sun Solaris 11 SCTP-related Local Availability Vulnerability in Oracle Sun Solaris 10 Unspecified Remote Availability Vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 Remote Code Execution Vulnerability in Oracle Sun Solaris 10 Unspecified vulnerability in Oracle JRockit component in Oracle Fusion Middleware and JDK/JRE Unspecified Remote Availability Vulnerability in MySQL Server Unspecified Remote Availability Vulnerability in MySQL Server Component Remote authenticated users can compromise confidentiality in Oracle Sun Solaris 11 through Kernel/GLD vulnerability Invalid Pointer Dereference in ProcSetEventMask Function of X.Org X11R6 and XFree86 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM Unspecified Confidentiality Vulnerability in Siebel CRM Component Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in MySQL Server Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Remote Availability Vulnerability in Oracle MySQL Server Component Unspecified Logging Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Remote Integrity Vulnerability in Oracle Database Server Application Express Component Unspecified Remote Code Execution Vulnerability in Oracle WebCenter Forms Recognition Component Unspecified Remote Code Execution Vulnerability in Oracle WebCenter Forms Recognition Component Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability Directory Traversal Vulnerability in Oracle Sun GlassFish Web Space Server Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX Unspecified Remote Code Execution Vulnerability in TList 6 ActiveX Control in Oracle Hyperion Financial Management Unspecified Remote Code Execution Vulnerability in Oracle E-Business Suite Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. Unspecified vulnerability in Java Runtime Environment (JRE) allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified Remote Code Execution Vulnerability in Java Runtime Environment (JRE) Unspecified vulnerability in Java Runtime Environment (JRE) on Solaris Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE 7 and 6 allows remote attackers to compromise system security Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE 7 and 6 allows remote attackers to compromise system security Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Java SE 7 and earlier allows remote attackers to compromise confidentiality and integrity via unknown vectors related to Libraries. Unspecified Integrity Vulnerability in Oracle E-Business Suite's Application Object Library Component Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Remote Integrity Vulnerability in Oracle Hyperion BI+ Component Unspecified Integrity Vulnerability in Oracle E-Business Suite's Application Object Library Component Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.5.23 and Earlier Unspecified Confidentiality Vulnerability in Oracle MapViewer Component Unspecified vulnerability in Oracle Database Server and Enterprise Manager Grid Control Unspecified Remote Code Execution Vulnerability in Oracle iPlanet Web Server Unspecified Integrity Vulnerability in Oracle E-Business Intelligence Component Unspecified Confidentiality Vulnerability in Oracle Application Express Listener Unspecified Remote Code Execution Vulnerability in Oracle Fusion Middleware Enterprise Manager Unspecified Remote Availability Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified vulnerability in Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified Remote Availability Vulnerability in Oracle Database Server on Windows Unspecified Remote Availability Vulnerability in Oracle Database Server on Windows Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HRMS Component Unspecified Confidentiality Vulnerability in Oracle MapViewer Component Unspecified Local Vulnerability in Oracle Sun Solaris Affecting Confidentiality, Integrity, and Availability via Mailx Unspecified vulnerability in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 related to flashback archive Local Privilege Escalation Vulnerability in Oracle Sun Solaris 11 Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.51 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.5.23 and Earlier Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.5.23 and Earlier Unspecified vulnerability in Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 Unspecified Remote Code Execution Vulnerability in Oracle AutoVue Component Unspecified Remote Availability Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Remote Integrity Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified HTML Surround Vulnerability in Oracle Clinical/Remote Data Capture Component Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Branded Zone Vulnerability in Oracle Sun Solaris 10 Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Availability Vulnerability in Oracle Outside In Technology Component in Oracle Fusion Middleware 8.3.7 Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Open URL Vulnerability in Gretech GOM Media Player Arbitrary Code Execution via Crafted MMS:// Stream in VideoLAN VLC Media Player Heap-based Buffer Overflows in VideoLAN VLC Media Player SQL Injection Vulnerability in F5 FirePass my.activation.php3 Artykul_print.php SQL Injection Vulnerability in CreateVision CMS Arbitrary Script Injection in IDevSpot idev-BusinessDirectory 3.0 via SEARCH Parameter SQL Injection Vulnerability in SocialCMS 1.0.5 search.php (category parameter) Cross-Site Scripting (XSS) Vulnerabilities in SocialCMS 1.0.5's ajax/commentajax.php Cross-Site Scripting (XSS) Vulnerabilities in OSQA 3b's Questions/Ask Feature Denial of Service Vulnerability in Tiny Server 1.1.9 and Earlier SQL Injection Vulnerability in MyJobList 0.1.3: Remote Code Execution via Profile Action Arbitrary Command Execution in Video Embed & Thumbnail Generator Plugin for WordPress Information Disclosure Vulnerability in Video Embed & Thumbnail Generator Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Webglimpse 2.20.0 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in WonderDesk SQL 4.14 Cross-Site Scripting (XSS) Vulnerabilities in Kongreg8 1.7.3 Absolute Path Traversal Vulnerability in Webgrind 1.0 and 1.0.2 Cross-site scripting (XSS) vulnerability during osCommerce Online Merchant installation Arbitrary Command Execution in webglimpse.cgi Privilege Escalation Vulnerability in IBM Tivoli Monitoring Agent (ITMA) on UNIX World-writable permissions for nodes.reg in IBM DB2 9.5: Unspecified Impact and Attack Vectors Out-of-Bounds Read Vulnerability in TIFFGetEXIFProperties Function in ImageMagick Unrestricted Authentication Attempts Vulnerability in Siemens Scalance S Security Module Firewall Profinet DCP Protocol Stack-Based Buffer Overflow Vulnerability Multiple Stack-Based Buffer Overflows in ABB WebWare Server and Related Modules Buffer Overflow Vulnerability in Siemens Scalance X Industrial Ethernet Switches Insecure Factory Account Password in RuggedCom Rugged Operating System (ROS) 3.10.x and Earlier Denial of Service Vulnerability in Progea Movicon OPC Server Arbitrary Code Execution Vulnerability in Koyo H0-ECOM, H2-ECOM, and H4-ECOM Ethernet Modules Weak Password Length in Koyo H0-ECOM Ethernet Module Arbitrary Web Script Injection Vulnerability in Koyo H0-ECOM, H2-ECOM, and H4-ECOM Ethernet Modules Unauthenticated Remote Access Vulnerability in Koyo H0-ECOM, H2-ECOM, and H4-ECOM Ethernet Modules Denial of Service Vulnerability in Koyo H0-ECOM, H2-ECOM, and H4-ECOM Ethernet Modules Denial of Service Vulnerability in C3-ilex EOScada before 11.0.19.2 Denial of Service Vulnerability in C3-ilex EOScada before 11.0.19.2 Cleartext Information Disclosure Vulnerability in C3-ilex EOScada Denial of Service Vulnerability in C3-ilex EOScada before 11.0.19.2 Arbitrary Web Script Injection Vulnerability in Emerson DeltaV and DeltaV Workstations Arbitrary SQL Command Execution Vulnerability in Emerson DeltaV and DeltaV Workstations Denial of Service Vulnerability in PORTSERV.exe in Emerson DeltaV and DeltaV Workstations Buffer Overflow Vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 Arbitrary File Overwrite Vulnerability in Emerson DeltaV and DeltaV Workstations Untrusted Search Path Vulnerability in WellinTech KingView 6.53: Privilege Escalation via Trojan Horse DLL Denial of Service Vulnerability in Quagga BGP Daemon Denial of Service Vulnerability in Symantec Endpoint Protection Arbitrary Code Execution via Query String in PHP CGI (CVE-2012-1823) Untrusted Search Path Vulnerability in Measuresoft ScadaPro Client and Server Cross-Site Scripting (XSS) Vulnerabilities in ForeScout CounterACT Appliance Status Program Arbitrary Code Execution in dotCMS 1.9 before 1.9.5.1 via Crafted XSLT or Velocity Template Lack of Authorization Requirements in AutoFORM PDM Archive Allows Remote Database Operations Unauthenticated Remote Administrative Access in AutoFORM PDM Archive Cross-Site Scripting (XSS) Vulnerabilities in AutoFORM PDM Archive before 6.920 Remote Code Execution Vulnerability in WellinTech KingView 6.53 via TCP Port 555 Remote Code Execution Vulnerability in WellinTech KingView 6.53 via TCP Port 555 Remote Code Execution and Denial of Service Vulnerability in WellinTech KingView 6.53 Arbitrary Object Property Modification in VMware SpringSource Grails Arbitrary Script Injection in CMS Tree Page View Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in All-in-One Event Calendar Plugin for WordPress Heap-based Buffer Overflow in dns.cpp in InspIRCd 2.0.5 Missing HTTPOnly Flag in Set-Cookie Header in IBM Tivoli Endpoint Manager (TEM) before 8.2 LG-Nortel ELO GS24M Switch Authentication Bypass Vulnerability Directory Traversal Vulnerabilities in AjaXplorer Get Template Feature Improper Cookie Authentication in AjaXplorer 3.2.x and 4.0.x Absolute Path Traversal Vulnerability in Quantum Scalar i500 Tape Library and Dell ML6000 Tape Library Cross-Site Scripting (XSS) Vulnerability in Quantum Scalar i500 Tape Library Firmware CSRF Vulnerability in Quantum Scalar i500 Tape Library and Dell ML6000 Tape Library Default Password Vulnerability in Quantum Scalar i500, Dell ML6000, and IBM TS3310 Tape Libraries Remote Code Execution Vulnerability in Google Chrome 17.0.963.66 and Earlier Remote Code Execution Vulnerability in Google Chrome 17.0.963.66 and Earlier Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability Scrollbar Calculation Vulnerability Lync Insecure Library Loading Vulnerability Remote Administration Protocol Denial of Service Vulnerability Print Spooler Service Format String Vulnerability Remote Administration Protocol Heap Overflow Vulnerability Remote Administration Protocol Stack Overflow Vulnerability Visual Basic for Applications Insecure Library Loading Vulnerability .NET Framework Memory Access Vulnerability MSCOMCTL.OCX RCE Vulnerability Dynamics AX Enterprise Portal XSS Vulnerability HTML Sanitization Vulnerability in Microsoft Internet Explorer and Communicator XSS Vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 and Office Web Apps 2010 SharePoint Search Scope Vulnerability SharePoint Script in Username Vulnerability SharePoint URL Redirection Vulnerability SharePoint Reflected List Parameter XSS Vulnerability Kernel-mode driver vulnerability in Microsoft Windows XP, Server 2003, Vista, Server 2008, and Windows 7 Kernel-mode driver vulnerability in Microsoft Windows XP, Server 2003, Vista, Server 2008, and 7 Clipboard Format Atom Name Handling Vulnerability in Windows Operating Systems Font Resource Refcount Integer Overflow Vulnerability in Windows Operating Systems Win32k.sys Privilege Escalation Vulnerability TLS CBC Mode Plaintext Recovery Vulnerability EUC-JP Character Encoding XSS Vulnerability in Microsoft Internet Explorer 6-9 Null Byte Information Disclosure Vulnerability in Microsoft Internet Explorer 7-9 Memory Object Handling Vulnerability in Microsoft Internet Explorer 8 and 9 Same ID Property Remote Code Execution Vulnerability in Microsoft Internet Explorer 8 Col Element Remote Code Execution Vulnerability Title Element Change Remote Code Execution Vulnerability OnBeforeDeactivate Event Remote Code Execution Vulnerability in Microsoft Internet Explorer 6-9 insertAdjacentText Remote Code Execution Vulnerability in Microsoft Internet Explorer 6-9 insertRow Remote Code Execution Vulnerability in Microsoft Internet Explorer 6-9 OnRowsInserted Event Remote Code Execution Vulnerability in Microsoft Internet Explorer 8 and 9 Cross-Domain Scrolling Events Information Disclosure Vulnerability in Microsoft Internet Explorer 6-9 Excel SerAuxErrBar Heap Overflow Vulnerability Excel Memory Corruption Vulnerability Excel SST Invalid Length Use After Free Vulnerability Visio DXF File Format Buffer Overflow Vulnerability Uninitialized Memory Access Vulnerability in Microsoft XML Core Services Keyboard Layout Privilege Escalation Vulnerability ADO Cachesize Heap Overflow RCE Vulnerability Arbitrary Web Script Injection Vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 Win32k Callback Parameter Validation Vulnerability Office for Mac Improper Folder Permissions Vulnerability Reflection Bypass Vulnerability in Microsoft .NET Framework Code Access Security Info Disclosure Vulnerability Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Wolf CMS 0.75 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Wolf CMS 0.75 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Webfolio CMS 1.1.4 and Earlier CSRF Vulnerability in RazorCMS 1.2.1 and Earlier Allows Arbitrary Web Page Deletion Cross-Site Request Forgery (CSRF) Vulnerabilities in FlexCMS 3.2.1 and Earlier Sensitive Information Disclosure in phpMyAdmin 3.4.x Cross-Site Scripting (XSS) Vulnerability in Telligent Community 5.6.583.20496 via Flash File and allowScriptAccess Parameter Memory Corruption and Application Crash Vulnerability in RealPlayer Arbitrary File Overwrite and Package Installation Vulnerability in Puppet Bypassing Malware Detection in PrivaWall Antivirus 5.6 and Earlier via Crafted Office XML Files Splunk 4.0-4.3 Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in Bitcoin Protocol: Duplicate Coinbase Transaction Handling Denial of Service and Arbitrary Code Execution Vulnerability in Bitcoin-Qt on Windows SQL Injection Vulnerabilities in PHP Address Book 6.2.12 and Earlier Arbitrary Code Injection via preferences.php in PHP Address Book 7.0 and Earlier XSS Vulnerability in EllisLab CodeIgniter 2.1.2 Arbitrary Code Execution via E-mail Attachment in AtMail Open-Source before 1.05 Directory Traversal Vulnerability in AtMail Open-Source WebMail Client Directory Traversal Vulnerabilities in @Mail WebMail Client in AtMail Open-Source before 1.05 CRLF Injection Vulnerability in AtMail Open-Source WebMail Client Allows Directory Traversal and Arbitrary File Reading Information Disclosure Vulnerability in AtMail Open-Source 1.04 and Earlier CSRF Vulnerability in Sitecom WLM-2501 Allows Remote Authentication Hijacking Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Sitecom WLM-2501 Cleartext Password Storage Vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x User-Assisted Remote File Execution Vulnerability in Opera Dialog Window Vulnerability in Opera Same Origin Policy Bypass in Opera: Unauthorized Access to history.state Information Address Field Spoofing Vulnerability in Opera Browser Address Field Spoofing Vulnerability in Opera Browser Address Field and Security Dialog Spoofing Vulnerability in Opera on Mac OS X World-readable permissions for temporary files in Opera before 11.62 on UNIX allow local users to access sensitive information Local File Overwrite Vulnerability in Opera on UNIX Cross-Site Scripting (XSS) Vulnerability in Wolf CMS 0.75 and Earlier PHP Remote File Inclusion Vulnerabilities in Newscoop 3.5.x and 4 before RC4 SQL Injection Vulnerability in Newscoop Admin Country Edit Cross-Site Scripting (XSS) Vulnerabilities in Newscoop 3.5.x and 4.x Inconsistent User Account Association in wp_create_nonce Function in WordPress Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Memory Corruption and Arbitrary Code Execution Vulnerability in Mozilla Firefox ESR 10.x and Thunderbird ESR 10.x Use-after-free vulnerability in nsFrameList::FirstChild function in Mozilla Firefox and Thunderbird Heap-based buffer overflow in nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox and Thunderbird Privilege Escalation via DLL Loading in Mozilla Updater and Windows Updater Service Untrusted Search Path Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey on Windows Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Local Information Disclosure via Shortcut File Loading in Mozilla Products Use-after-free vulnerability in nsINode::ReplaceOrInsertBefore function in Mozilla Firefox and Thunderbird Heap-based Buffer Overflow in Character-Set Conversion Function in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Drag-and-Drop Spoofing Vulnerability in Mozilla Firefox Use-after-free vulnerability in nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox and Thunderbird allows remote code execution Arbitrary Code Execution Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Buffer Over-read and Heap-based Buffer Overflow Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in nsDocument::AdoptNode function in Mozilla Firefox and Thunderbird Address bar spoofing vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in nsGlobalWindow::PageHidden function in Mozilla Firefox and Thunderbird Cross-compartment wrapping vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Out-of-bounds read vulnerability in qcms_transform_data_rgb_out_lut_sse2 function in Mozilla Firefox, Thunderbird, and SeaMonkey Clickjacking vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey JSDependentString::undepend Use-After-Free Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Improper Restriction of Content Security Policy Violation Reports Clickjacking Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) bypass vulnerability in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 Improper Privilege Execution via javascript: URL in Mozilla Firefox, Thunderbird, and SeaMonkey HTML E-mail Information Disclosure Vulnerability in Bugzilla Information Disclosure Vulnerability in Bugzilla's get_attachment_link Function Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 Use-after-free vulnerability in nsObjectLoadingContent::LoadObject function in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in gfxTextRun::CanBreakLineBefore function in Mozilla Firefox and Thunderbird before 15.0 allows remote code execution or denial of service PresShell::CompleteMove Use-After-Free Vulnerability Use-after-free vulnerability in nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 Cleartext Base64 Password Storage Vulnerability in WellinTech KingSCADA 3.0 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Simple PHP Agenda 2.2.8 and Earlier Arbitrary Script Injection in SyndeoCMS 3.0.01 and Earlier Arbitrary Web Script Injection Vulnerability in SocialCMS 1.0.2 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x CSRF Vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x Arbitrary File Read Vulnerability in Puppet and Puppet Enterprise Unspecified Denial of Service Vulnerability in Puppet and Puppet Enterprise Arbitrary Command Execution Vulnerability in Puppet and Puppet Enterprise Arbitrary File Overwrite Vulnerability in Puppet 2.7.x and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x Multiple Cross-Site Scripting (XSS) Vulnerabilities in Schneider Electric Kerweb and Kerwin Arbitrary Script Injection via Email Address Field in CMS Made Simple Unspecified Local Privilege Escalation Vulnerability in HP System Management Homepage (SMH) before 7.0 Adjacent Network Remote Information Access Vulnerability Unspecified Local Vulnerability in HP Systems Insight Manager (SIM) Before 7.0 Unspecified Remote Data Modification Vulnerability in HP Systems Insight Manager (SIM) Unspecified Remote Vulnerability in HP Systems Insight Manager (SIM) Unspecified Remote Vulnerability in HP Systems Insight Manager (SIM) Unspecified Remote Information Disclosure and Data Modification Vulnerability in HP Systems Insight Manager (SIM) Unspecified Remote Code Execution Vulnerabilities in HP System Health Application and Command Line Utilities XSS Vulnerability in PrestaShop before 1.5.2 via <object data='data:text/html substring Arbitrary Web Script Injection Vulnerability in HP SNMP Agents for Linux Open Redirect Vulnerability in HP SNMP Agents for Linux CSRF Vulnerability in HP Insight Management Agents on Windows Server 2003 and 2008 Open Redirect Vulnerability in HP Insight Management Agents Arbitrary Web Script Injection Vulnerability in HP Insight Management Agents Unspecified Remote Data Modification and Denial of Service Vulnerability in HP Insight Management Agents Arbitrary SQL Command Execution Vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 Arbitrary Web Script Injection Vulnerability in HP Performance Insight for Networks Unspecified Privilege Escalation Vulnerability in HP Performance Insight for Networks Privilege Escalation Vulnerability in HP OpenVMS ACMELOGIN Implementation HP Web Jetadmin 8.x Multiple Cross-Site Scripting (XSS) Vulnerabilities Unspecified Form Fields Autocomplete Vulnerability in HP System Management Homepage (SMH) Unspecified Remote Code Execution Vulnerability in HP System Management Homepage (SMH) Unvalidated Input Vulnerability in HP System Management Homepage (SMH) Unspecified Privilege Escalation and Information Disclosure Vulnerability in HP System Management Homepage (SMH) Unspecified Local Information Disclosure Vulnerability in HP System Management Homepage (SMH) Unspecified Denial of Service Vulnerability on HP Photosmart Wireless Printers Arbitrary Web Script Injection Vulnerability in HP Network Node Manager i (NNMi) Unspecified Remote Code Execution Vulnerability in HP Operations Agent (ZDI-CAN-1325) Unspecified Remote Code Execution Vulnerability in HP Operations Agent (ZDI-CAN-1326) HP AssetManager Multiple Cross-Site Scripting (XSS) Vulnerabilities Multiple Cross-Site Scripting (XSS) Vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Illustrator Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Illustrator Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Illustrator Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Illustrator Adobe Photoshop CS5 and CS5.1 TIFF File Use-After-Free Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Adobe Photoshop CS5 and CS5.1 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610 Arbitrary Code Execution via Integer Overflow in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Access Restriction Bypass Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Denial of Service Vulnerability in Adobe Flash Player and Adobe AIR Untrusted search path vulnerability in Adobe Flash Player and Adobe AIR CRLF Injection Vulnerability in Adobe ColdFusion Component Browser Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Illustrator Unspecified Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Unspecified Memory Corruption Vulnerability in Adobe Shockwave Player Unspecified Memory Corruption Vulnerability in Adobe Shockwave Player Unspecified Denial of Service Vulnerability in Adobe ColdFusion 10 and Earlier Stack-based Buffer Overflow in Adobe Reader and Acrobat 9.x and 10.x Buffer Overflow Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Stack-based Buffer Overflow in Adobe Photoshop CS5 U3D.8BI Library Plugin Privilege Escalation via Unauthenticated sudo Execution in F5 FirePass Mass Assignment Vulnerability in Redmine before 1.3.2 Mass Assignment Vulnerability in GitHub Enterprise before 20120304 CSRF Vulnerability in Drupal Content Lock Module Allows Authentication Hijacking CSRF Vulnerability in Ubercart Bulk Stock Updater Module for Drupal Insecure Payment Processing in Ubercart Payflow Module for Drupal Ticketyboo News Ticker Module for Drupal Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection Vulnerability in Drupal Admin Tools Module CSRF Vulnerability in Drupal Admin Tools Module Allows Authentication Hijacking Open Redirect Vulnerability in Drupal Redirecting Click Bouncer Module Improper Permission Checking in Slidebox Module for Drupal Allows Information Disclosure Arbitrary Web Script Injection Vulnerability in Views Language Switcher Module for Drupal Arbitrary Web Script Injection Vulnerability in Language Icons Module for Drupal Arbitrary Script Injection Vulnerability in FCKeditor and CKEditor Modules for Drupal Arbitrary PHP Code Execution Vulnerability in CKeditor Module for Drupal Arbitrary Web Script Injection in Fancy Slide Module for Drupal CSRF Vulnerability in Wishlist Module for Drupal Allows XSS Hijacking Arbitrary Web Script Injection Vulnerability in MultiBlock Module for Drupal Arbitrary Script Injection in Drupal Contact Forms Module Arbitrary Code Injection through Share Buttons Module in Drupal Arbitrary PHP Code Execution Vulnerability in Bundle Copy Module for Drupal Unspecified Information Disclosure Vulnerability in Ubercart Views Module for Drupal Arbitrary Script Injection in Drupal Contact Save Module Arbitrary Code Injection in ShareThis Module for Drupal CSRF Vulnerability in ShareThis Module for Drupal Activity Module XSS Vulnerability in Drupal 6.x-1.x CSRF Vulnerability in Drupal Activity Module 6.x-1.x CSRF Vulnerability in Node Limit Number Module for Drupal Information Disclosure Vulnerability in Organic Groups (OG) Module for Drupal Arbitrary Script Injection via User Signature in Drupal Chaos Tool Suite (CTools) Module Arbitrary Web Script Injection Vulnerability in Drupal Fusion Module Arbitrary Web Script Injection in Printer, Email, and PDF Versions Module for Drupal Arbitrary Command Execution via Href Attribute in Gajim SQL Injection Vulnerability in Gajim's get_last_conversation_lines Function Critical Vulnerability: Remote Server Takeover via ISPConfig 3.0.4.3 Webdav User Creation Heap-based Buffer Overflow in libtiff TIFFReadDirectory Function Buffer Overflow Vulnerability in ngx_http_mp4_module.c in Nginx Multiple Format String Vulnerabilities in FlightGear and SimGear Buffer Overflow Vulnerabilities in FlightGear and SimGear GPG Signature Verification Bypass Vulnerability in Ubuntu Cobbler Arbitrary File Overwrite Vulnerability in Gajim 0.15 Arbitrary Script Injection Vulnerability in OpenStack Dashboard (Horizon) Log Viewer Arbitrary Configuration Settings Write Privilege Vulnerability in WICD Vulnerability: Manipulation of Voting Averages in Fivestar Module for Drupal CSRF Vulnerability in Autosave Module for Drupal Denial of Service Vulnerability in Apache Commons Compress Sorting Algorithms Multiple Cross-Site Scripting (XSS) Vulnerabilities in Wikidforum 2.10 Incomplete Fix for Large FLEX_BG Group Size Vulnerability in ext4_fill_flex_info Function Denial of Service Vulnerability in Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 Denial of Service Vulnerability in MySQL 5.1.x and 5.5.x Local File Overwrite Vulnerability in qmailscan Plugin for Munin 1.4.5 Arbitrary Command Execution and File Deletion Vulnerability in Munin 2.x SQL Injection Vulnerabilities in Timesheet Next Gen 1.5.2 Login Page Heap-based Buffer Overflow in Csound 5.16.6's pv_import Function Heap-based Buffer Overflow in Csound before 5.17.2 Allows Remote Code Execution Csound Buffer Overflow Vulnerability in util/lpci_main.c Arbitrary SQL Command Execution in BuddyPress Plugin (WordPress) Buffer Overflow Vulnerability in OpenSSL's asn1_d2i_read_bio Function Privilege Escalation via LSA Connection in Samba 3.4.x - 3.6.x Arbitrary web script injection vulnerability in TYPO3 Exception Handler Heap-based Buffer Overflow in libtiff's tiff2pdf Stack-based Buffer Overflow in fprintf in musl Library SQL Injection Vulnerability in OpenEMR 4.1.0 and Earlier Versions CSRF Vulnerability in Drupal Commerce Reorder Module Allows User Hijacking Arbitrary Code Injection through Gigya - Social Optimization Module in Drupal X.Org X11 1.11 Format String Vulnerability in LogVHdrMessageVerb Function Buffer Overflow in Macvtap Device Driver in Linux Kernel Local File Overwrite Vulnerability in latex2man Memory Leak and Host OS Crash Vulnerability in Linux Kernel's KVM Implementation Authentication Bypass Vulnerability in Oracle MySQL and MariaDB Privilege Escalation via File System Capabilities in Linux Kernel Denial of Service Vulnerability in SquirrelMail's IMAP General Function RubyGems Vulnerability: HTTPS to HTTP Redirection during Installation Insecure SSL Certificate Verification in RubyGems Denial of Service via PID Namespace Reference Leak in Linux Kernel CSRF Vulnerability in DokuWiki 2012-01-25 Angua Allows Remote Authentication Hijacking Arbitrary Script Injection Vulnerability in DokuWiki 2012-01-25 Angua Weak Encryption Vulnerability in PolarSSL 0.99pre4 through 1.1.1 Multiple Integer Signedness Errors in OpenSSL 0.9.8v Allow Remote Buffer Overflow Attacks Authentication Bypass Vulnerability in libsoup 2.32.2 and Earlier Linux Kernel Use-After-Free Vulnerability in Huge Pages Handling Denial of Service via LDAP Search DNS Query in bind-dyndb-ldap Memory Corruption and Information Disclosure Vulnerability in Python 3.1-3.3 UTF-16 Decoder Heap-based Buffer Overflow in sock_alloc_send_pskb Function in Linux Kernel Buffer Overflow in KVM Subsystem Allows Local Users to Crash Kernel and Potentially Execute Arbitrary Code Denial of Service Vulnerability in Apache Sling POST Servlet Directory Traversal Vulnerability in Mail Gem Allows Arbitrary File Read Arbitrary Command Execution in Mail Gem (Ruby) via Shell Metacharacters Net-SNMP 5.7.1 Denial of Service Vulnerability in handle_nsExtendOutput2Table Function Arbitrary Command Execution via Escape Sequence in poppler's Error Function Incomplete Processing of Cleartext Passwords in crypt_des Vulnerability Session Fixation Vulnerability in OpenStack Dashboard (Horizon) Folsom-1 and 2012.1: Remote Session Hijacking via sessionid Cookie Apache Qpid 0.17 and earlier Denial of Service Vulnerability Insecure Initialization Vector Usage in Elixir 0.8.0 Allows Database Decryption Denial of Service Vulnerability in Munin 2.0 rc4 via Large Image Requests Property Replacement Vulnerability in JBoxx AS 7.1.1 Arbitrary Code Execution via Negative Array Index in libwpd 0.8.8 Information Disclosure in xfs_metadump in xfsprogs before 3.2.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in SPIP 1.9.x, 2.0.x, and 2.1.x Stack-based Buffer Overflow in dhcpcd 3.2.3's get_packet Method Access Control Vulnerability in Drupal 7.x CDN2 Video Module XSS Vulnerability CSRF Vulnerability in CDN2 Video Module for Drupal Multiple Cross-Site Scripting (XSS) Vulnerabilities in Plume CMS 1.2.4 and Earlier Open Redirect Vulnerability in IBM Eclipse Help System (IEHS) Allows for Phishing Attacks Cross-Site Scripting (XSS) Vulnerability in IBM Rational Change 5.3 Arbitrary Script Injection in IBM Eclipse Help System (IEHS) Unencrypted HTTP Communication Vulnerability in IBM WebSphere Application Server Arbitrary Command Execution Vulnerability in IBM SONAS 1.1 through 1.3.1 Parameter-Tampering Vulnerability in IBM Rational ClearQuest Web Client Information Disclosure: Password Hashes Exposed in IBM Rational ClearQuest Hardcoded Password Vulnerability in IBM XIV Storage System 2810-A14 and 2812-A14 Devices Denial of Service Vulnerability in IBM XIV Storage System Gen3 Sensitive Stack-Trace Information Disclosure in IBM Rational ClearQuest Arbitrary Script Injection in IBM Rational ClearQuest 7.1.x Web Client File Upload Functionality Unrestricted Access Vulnerability in IBM WebSphere Application Server 7.0 Arbitrary SQL Command Execution in IBM System Storage DS Storage Manager Arbitrary Web Script Injection Vulnerability in IBM System Storage DS Storage Manager Vulnerability: Information Disclosure via ODBC Driver in IBM Security AppScan Source Remote Code Execution Vulnerability in IBM Lotus Notes 8.x Buffer Overflow in Attachment_Times Method in IBM Lotus iNotes 8.5.x Stack-based Buffer Overflow in IBM Lotus Quickr ActiveX Control IBM Cognos Business Intelligence (BI) Multiple Versions Cross-Site Scripting (XSS) Vulnerability in Search Feature Symlink Attack Vulnerability in libodm.a on IBM AIX 5.3, 6.1, and 7.1 Denial of Service Vulnerability in IBM DB2 DRDA Chaining Functionality Dojo Module Directory Traversal Vulnerability in IBM WebSphere Portal Session Fixation Vulnerability in IBM Maximo Asset Management Session Fixation Vulnerability in IBM Maximo Asset Management 7.1 through 7.5 Sensitive Information Disclosure in IBM Maximo Asset Management Incomplete blacklist vulnerability in Asterisk Open Source and Business Edition allows remote command execution Weak RSA Key Generation in IBM Remote Supervisor Adapter II Firmware Privilege Escalation Vulnerability in IBM Power Hardware Management Console (HMC) and Systems Director Management Console (SDMC) Denial of Service Vulnerability in IBM Global Security Kit (GSKit) Vulnerability in IBM Global Security Kit (GSKit) Allows Remote Denial of Service Denial of Service Vulnerability in IBM AIX and VIOS Socketpair Function IBM Cognos Business Intelligence Cross-Site Scripting (XSS) Vulnerability Directory Traversal Vulnerability in IBM DB2 9.1 and later versions Arbitrary XML File Read Vulnerability in IBM DB2 Stack-based buffer overflow in IBM DB2 Java Stored Procedure Infrastructure Denial of Service Vulnerability in IBM WebSphere MQ 7.0.1 Privilege Escalation via Sendmail's Default Configuration in IBM AIX and VIOS Denial of Service Vulnerability in IBM WebSphere MQ 7.1 Directory Traversal Vulnerability in IBM Lotus Protector for Mail Security and IBM ISS Proventia Network Mail Security System PKCS #12 File Format Vulnerability in IBM Global Security Kit AIX_KTAP Module Denial of Service Vulnerability in InfoSphere Guardium Arbitrary Web Script Injection Vulnerability in IBM Rational ClearQuest Arbitrary File Read Vulnerability in IBM WebSphere MQ File Transfer Edition Piwigo Upgrade.php Directory Traversal Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Piwigo Admin Panel Remote Denial of Service Vulnerability in Sony Bravia TV KDL-32CX525 Arbitrary Script Injection in eGroupware 1.8.004.20120405 Bypassing Access Configuration in McAfee Web Gateway 7.0 via Host HTTP Header Bypassing Access Configuration for CONNECT Method in Squid 3.1.9 Denial of Service Vulnerability in Pidgin's libpurple Proxy Handling Novell ZENworks Configuration Management (ZCM) Preboot Service Directory Traversal Vulnerability Unrestricted Localhost Access Vulnerability in HTC IQRD Service Cross-Site Tracing (XST) Vulnerability in Novell ZENworks Configuration Management DLL Injection Vulnerability in Xunlei Thunder before 7.2.6 Arbitrary Code Execution Vulnerability in 360zip 1.93beta Arbitrary Code Execution and Information Disclosure Vulnerability in Invision Power Board PluXml Directory Traversal Vulnerability in update/index.php Improper Installation of taskcontroller.cfg in Cloudera Manager 3.7.x and Service and Configuration Manager 3.5 Cross-site scripting (XSS) vulnerability in TeamPass before 2.1.6 in sources/users.queries.php Arbitrary Script Injection in Support Incident Tracker (SiT!) 3.65 and Earlier Arbitrary SQL Command Execution in PHP Gift Registry 1.5.5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mahara 1.4.x and 1.5.x Authorization Validation Failure in trytond 2.4 ModelView.button XML External Entity (XXE) Injection Vulnerability in Mahara 1.4.x and 1.5.x Arbitrary Command Execution in devscripts' dscverify.pl Script Arbitrary File Deletion Vulnerability in devscripts' scripts/dget.pl Arbitrary Command Execution in devscripts' scripts/dget.pl Arbitrary Code Execution via Cross-Site Scripting (XSS) in Mahara 1.4.x and 1.5.x Arbitrary Program Execution via ClamAV Path Manipulation in Mahara Clickjacking vulnerability in Mahara 1.4.x and 1.5.x allows remote attackers to delete arbitrary users and bypass CSRF protection Arbitrary Web Script Injection via SVG File in Mahara Embedded Path Variable Vulnerability in dhclient 4.3.1-6 Denial of Service Vulnerability in Tor before 0.2.3.23-rc Denial of Service Vulnerability in Tor 0.2.3.24-rc Bypassing Restricted Shell Access in rssh 2.3.2 via Command Line Options Bypassing Restricted Shell Access in rssh Arbitrary Web Script Injection in Mahara 1.5.x and 1.6.x Denial of Service Vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x Denial of Service Vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x Multiple Cross-Site Scripting (XSS) Vulnerabilities in ownCloud before 3.0.3 Open Redirect Vulnerability in ownCloud Login Page (index.php) Allows for Phishing Attacks Buffer Overflow in InitLicenKeys Function in SkinCrafter3_vs2005.dll Allows Remote Code Execution Denial of Service Vulnerability in Comodo Internet Security Arbitrary Web Script Injection in PivotX 2.3.2 and Earlier CSRF Vulnerabilities in TestLink 1.9.3 and Earlier: Remote Authentication Hijacking Denial of Service Vulnerability in EMC Documentum Information Rights Management Server Denial of Service Vulnerability in EMC Documentum Information Rights Management Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in EMC RSA Authentication Manager and RSA SecurID Appliance Open Redirect Vulnerability in EMC RSA Authentication Manager and RSA SecurID Appliance Cross Frame Scripting Vulnerability in EMC RSA Authentication Manager 7.1 and RSA SecurID Appliance 3.0 Session Token Replay Vulnerability in EMC RSA Access Manager Server 6.x NFS Access Control Vulnerability in EMC Celerra Network Server, VNX, and VNXe Arbitrary Remote Share Access Vulnerability in Iomega Home Media Network Hard Drive and StorCenter with EMC Lifeline Firmware Cleartext Administrator Credentials Disclosure in EMC NetWorker Module for Microsoft Applications (NMM) Remote Code Execution Vulnerability in EMC Cloud Tiering Appliance Unspecified Information Disclosure Vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 Bypassing Token-Authentication in EMC RSA Authentication Agent and Client Remote Code Execution via Format String Vulnerability in EMC NetWorker Arbitrary File Upload and Code Execution Vulnerability in EMC ApplicationXtender Desktop and Web Access Arbitrary Code Execution Vulnerability in EMC NetWorker Module for Microsoft Applications (NMM) World-writable cache directories vulnerability in EMC Avamar Client and Plugin Bypassing Same Origin Policy in EMC RSA Archer SmartSuite Framework and RSA Archer GRC Arbitrary Code Execution via Directory Traversal in EMC RSA Archer SmartSuite Framework and RSA Archer GRC Clickjacking Vulnerability in EMC RSA Archer SmartSuite Framework and RSA Archer GRC Information Disclosure Vulnerability in Janrain Engage Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Drupal Creative Commons Module Cross-Site Scripting (XSS) Vulnerabilities in RealName Module for Drupal Plaintext Password Storage Vulnerability in Ubercart Module for Drupal Arbitrary Script Injection Vulnerabilities in Ubercart Module for Drupal Arbitrary PHP Code Execution Vulnerability in Ubercart Module for Drupal Improper Save Location Check in Site Documentation (Sitedoc) Module for Drupal 6.x-1.x Lack of Permission Enforcement in Spaces Module for Drupal Unauthenticated Access to Sensitive Information in Linkit Module for Drupal CSRF Vulnerability in Node Gallery Module for Drupal 6.x-3.1 and Earlier SQL Injection Vulnerability in Drupal 6.x-4.2 and Earlier Addressbook Module CSRF Vulnerability in Drupal Addressbook Module Arbitrary Code Injection Vulnerability in Drupal Taxonomy Grid: Catalog Module Arbitrary Code Injection Vulnerability in Glossify Internal Links Auto SEO Module for Drupal Arbitrary Script Injection Vulnerability in Drupal cctags Module Arbitrary Code Execution via Query String in PHP CGI Elevated Privileges Vulnerability in JBoss AS 7 Community Release Unrestricted Access to Ethernet Adapter via SIOCSMIIREG IOCTL Command Insecure Permissions in Anaconda's Bootloader Configuration Module Arbitrary User Privilege Escalation in OpenKM 5.1.7 and Earlier Versions CSRF Vulnerability in OpenKM 5.1.7 and Earlier Versions Authentication bypass vulnerability in PHP crypt function with empty salt string Denial of Service Vulnerability in Pidgin MSN Protocol Plugin Buffer Overflow Vulnerabilities in Linux Kernel's HFSPlus Filesystem Implementation Netlink Message Origin Spoofing Vulnerability in ConnMan Arbitrary Command Execution in ConnMan Loopback Plug-in Denial of Service Vulnerability in ConnMan's DHCPv6 Option Handling SQL Injection Vulnerabilities in MyBB (MyBulletinBoard) Prior to 1.6.7 SQL Injection Vulnerability in MyBB User Inline Moderation Feature Arbitrary Web Script Injection in MyBB Admin Control Panel (ACP) via Malformed Attachment Filename Information Disclosure Vulnerability in MyBB (aka MyBulletinBoard) before 1.6.7 Denial of Service via Hash Collision in SBLIM CIM Client Buffer Overflow in apache_request_headers Function in PHP 5.4.x HTTP Header Spoofing Vulnerability in Node.js Serendipity 1.6.1 Cross-Site Scripting (XSS) Vulnerability in serendipity_admin_image_selector.php SQL Injection Vulnerability in Serendipity 1.6.1: Remote Code Execution via serendipity_admin.php Integer Underflow Vulnerability in OpenSSL Integer Overflow Vulnerability in OpenOffice.org and LibreOffice Arbitrary Code Execution Vulnerability in PHP Wrapper FCGI Incomplete Fix for Query String Handling Vulnerability in PHP CGI Script Vulnerability: Command Bypass via Netmask Syntax in sudo SQL Injection Vulnerability in Galette 0.63 - 0.64rc1: Remote Code Execution via picture.class.php Arbitrary Web Script Injection Vulnerability in Drupal Glossary Module Insufficient Permissions in Contact Forms Module for Drupal CSRF Vulnerability in Take Control Module for Drupal Allows Authentication Hijacking for File Manipulation Default configuration of pam_shield before 0.9.4 fails to provide adequate protection SAML IdP Server Spoofing Vulnerability in Mahara Unauthenticated Remote Access to Arbitrary List Archives in Sympa Information Disclosure Vulnerability in Moodle 2.1.x and 2.2.x Arbitrary Message Reading Vulnerability in Moodle 2.1.x and 2.2.x Arbitrary Question Addition Vulnerability in Moodle 2.1.x and 2.2.x Bypassing Capability Requirements in Moodle's Question-Bank Functionality Insecure Transmission of Credentials in CAS Multi-Authentication Feature Bypassing Read-Only State in Moodle Database Activity Privilege Escalation via Teacher Role in Moodle 2.x Arbitrary Web Script Injection via Crafted Page Title in Moodle Cross-site scripting (XSS) vulnerability in Moodle web services implementation Cross-site scripting (XSS) vulnerability in Moodle 1.9.x before 1.9.18 in blog/lib.php Arbitrary SQL Command Execution in Moodle Calendar Event Arbitrary web script injection vulnerability in Moodle's filelib.php Arbitrary Web Script Injection in Moodle Cohort Edit Arbitrary Database Activity Preset Overwrite in Moodle 2.1.x and 2.2.x Bypassing moodle/calendar:manageownentries Capability in Moodle Insecure Password Validation in Bytemark Symbiosis before Revision 1322 Format String Vulnerability in Pidgin-OTR Plugin's log_message_cb Function Heap-based Buffer Overflow in gdk-pixbuf's read_bitmap_file_data Function Arbitrary Script Injection Vulnerability in WP-FaceThumb Plugin for WordPress Denial of Service Vulnerability in RDS Protocol Implementation in Linux Kernel Race condition vulnerability in the Linux kernel before 3.4.5 on x86 with PAE enabled CRLF Injection Vulnerability in Tornado Web Framework Denial of Service Vulnerability in NFSv4 Implementation in Linux Kernel Remote Code Execution Vulnerability in PHP 5.4.3 and Earlier on Windows Unauthenticated Remote Information Disclosure in JGroups Diagnostics Service Apache CXF WS-SecurityPolicy Bypass Vulnerability Apache CXF XML Element Signing and Encryption Vulnerability CSRF Vulnerabilities in Apache Roller Admin/Editor Console Apache Roller before 5.0.1 - Multiple Cross-Site Scripting (XSS) Vulnerabilities Integer Overflow in i915_gem_execbuffer2 Function in Linux Kernel Integer Overflow in i915_gem_do_execbuffer Function in Linux Kernel Denial of Service Vulnerability in Mosh Terminal Dispatcher Integer Overflow in phar_parse_tarfile Function in PHP Allows Remote Code Execution Insecure Random Number Generation in Devotee 0.1 Patch 2 RSA Signature Bypass Vulnerability in GMP Plugin of strongSwan Insecure Permissions in hostapd Configuration File Memory Leak Vulnerability in Linux Kernel's mm/hugetlb.c Denial of Service Vulnerability in Wireshark Dissectors Memory Allocation Vulnerability in DIAMETER Dissector in Wireshark Data Alignment Vulnerability in Wireshark 1.4.x and 1.6.x on SPARC and Itanium Platforms Arbitrary Command Execution Vulnerability in Cobbler 2.2.0 Denial of Service Vulnerability in VideoLAN VLC Media Player 2.0.1 CSRF Vulnerability in ownCloud Allows Remote User Hijacking and XSS Injection Arbitrary Script Injection in ownCloud files/ajax/download.php Arbitrary Script Injection via swfupload.swf in SWFupload 2.2.0.1 and Earlier Unspecified Vulnerability in WordPress 3.3.2 with Unknown Impact and Attack Vectors Cross-Domain Scripting Vulnerability in Plupload before 1.5.4 Bypassing Access Restrictions and Deactivating Network-wide Plugins in WordPress 3.3.2 Cross-Site Scripting (XSS) Vulnerability in WordPress before 3.3.2 Cross-Site Scripting (XSS) Vulnerability in wp-comments-post.php Unspecified Encryption Vulnerability in Gallery 2 and 3 Arbitrary Code Execution Vulnerability in RealPlayer Buffer Overflow Vulnerability in RealPlayer Heap Memory Corruption Vulnerability in RealPlayer AAC SDK Buffer Overflow Vulnerability in RealPlayer Buffer Overflow Vulnerability in RealPlayer Buffer Overflow Vulnerability in RealPlayer and RealPlayer SP Cross-site scripting (XSS) vulnerability in Joomla! 1.5.26 and earlier with ja_purity template Arbitrary Command Execution in Asterisk Manager Interface Heap-based Buffer Overflow in Skinny Channel Driver in Asterisk Open Source Denial of Service Vulnerability in Asterisk SIP Channel Driver Insecure Prime Number Generation in PyCrypto's ElGamal Key Generation Heap-based Buffer Overflow in Intuit QuickBooks HelpAsyncPluggableProtocol.dll Memory Leak in Intuit QuickBooks 2009-2012: Denial of Service via Multiple References in intu-help-qb Handlers Vulnerability in Intuit QuickBooks 2009-2012 Allows Information Disclosure via URI Intuit QuickBooks Absolute Path Traversal Vulnerability Pathname Information Disclosure Vulnerability in Intuit QuickBooks 2009-2012 Information Disclosure Vulnerability in Intuit QuickBooks 2009-2012 Denial of Service Vulnerability in Intuit QuickBooks 2009-2012 Denial of Service Vulnerability in Intuit QuickBooks 2009-2012 Memory Allocation Vulnerability in xArrow Server Remote Code Execution Vulnerability in xArrow Server Arbitrary Code Execution via Integer Overflow in xArrow Server Arbitrary Code Execution Vulnerability in xArrow Server Pligg CMS Directory Traversal Vulnerability in Captcha Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in Pligg CMS before 1.2.2 Unauthenticated Arbitrary Cookie Generation in AWCM 2.2 Denial of Service (Disk Consumption) Vulnerability in AWCM 2.2 Default Configuration of NETGEAR ProSafe FVS318N Firewall Allows Remote HTTP Connection Default Configuration of TP-Link 8840T Router Allows Remote Web-Based Administration RuggedCom ROS Factory Account Vulnerability Buffer Overflow Vulnerability in Nokia PC Suite Video Manager Arbitrary Script Injection in Netsweeper WebAdmin Portal CSRF Vulnerability in Netsweeper WebAdmin Portal Allows Unauthorized Account Creation NFS Traffic Remote Code Execution and Memory Overwrite Vulnerability in VMware ESXi and ESX Virtual Floppy Device Misconfiguration Vulnerability VMware Virtual Machine SCSI Device Registration Vulnerability Predictable Temporary File Names Vulnerability in Config::IniFiles Perl Module Cross-Site Scripting (XSS) Vulnerabilities in pragmaMx 1.x before 1.12.2 Unvalidated Registration ID Vulnerability in Advanced Productivity Software DTE Axiom before 12.3.3 Unspecified Denial of Service Vulnerability in Bitcoin Software Denial of Service Vulnerability in Cisco NX-OS on Nexus 7000 Series Switches Denial of Service Vulnerability in Cisco ASA 5500 Series Devices with SIP Inspection Enabled Cisco ASA 5500 Series Devices Memory Leak Vulnerability Arbitrary Code Execution Vulnerability in Cisco TelePresence Devices Denial of Service Vulnerability in Cisco IOS XR on ASR 9000 and CRS Series Devices Certificate Trust List Modification Vulnerability in Cisco IP Communicator 8.6 (Bug ID CSCtz01471) Arbitrary Code Execution Vulnerability in Cisco AnyConnect Secure Mobility Client Vulnerability: Version Downgrade Attack in Cisco AnyConnect Secure Mobility Client Vulnerability: Version Downgrade Attack in Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop Arbitrary Code Execution Vulnerability in Cisco AnyConnect Secure Mobility Client 3.x on 64-bit Linux Platforms Certificate Spoofing Vulnerability in Cisco AnyConnect Secure Mobility Client Certificate Name Verification Bypass in Cisco AnyConnect Secure Mobility Client Certificate Name Verification Bypass in Cisco AnyConnect Secure Mobility Client Remote Denial of Service Vulnerability in SAP NetWeaver Dispatcher Denial of Service Vulnerability in SAP NetWeaver Dispatcher Remote Denial of Service Vulnerability in SAP NetWeaver Dispatcher Remote Denial of Service Vulnerability in SAP NetWeaver Dispatcher Stack-based buffer overflow in KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 allows remote code execution Command Injection Vulnerability in KeyHelp.ocx Arbitrary Script Injection in PrestaShop's ajax.php via product[] Parameter .NET Framework Insecure Library Loading Vulnerability HTML Sanitization Vulnerability in Microsoft Office Suite Asynchronous NULL Object Access Remote Code Execution Vulnerability in Microsoft Internet Explorer 6-9 Virtual Function Table Corruption Remote Code Execution Vulnerability JavaScript Integer Overflow Remote Code Execution Vulnerability CGM File Format Memory Corruption Vulnerability in Microsoft Office 2007, 2010 Remote Desktop Protocol Memory Processing Vulnerability Win32k Use After Free Vulnerability RTF File listid Use-After-Free Vulnerability Windows Kernel Integer Overflow Vulnerability Win32k Use After Free Vulnerability Weak Permissions in IIS 7.5 Operational Log: Password Disclosure Vulnerability FTP Command Injection Vulnerability in Microsoft FTP Service 7.0 and 7.5 Reflected XSS Vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 Word RTF 'listoverridecount' Remote Code Execution Vulnerability Excel Stack Overflow Vulnerability Event Listener Use After Free Vulnerability in Microsoft Internet Explorer 9 Layout Use After Free Vulnerability in Microsoft Internet Explorer 9 Revoked Certificate Bypass Vulnerability in Windows Server 2008 R2 and Server 2012 IP-HTTPS Server Microsoft Works 9 Word .doc File Remote Code Execution Vulnerability Kerberos NULL Dereference Vulnerability Reflected XSS Vulnerability in SQL Server Report Manager Win32k Use After Free Vulnerability OpenType Font Parsing Vulnerability CloneNode Use After Free Vulnerability in Microsoft Internet Explorer 6-8 Remote Code Execution and Denial of Service Vulnerability in WellinTech KingHistorian 3.0 WellinTech KingView 6.53 Directory Traversal Vulnerability Arbitrary JSP Code Execution in HP BSM 9.12 via Unrestricted .war File Upload Unauthenticated Remote Command Execution in Xelex MobileTrack Application for Android Cross-Site Scripting (XSS) Vulnerabilities in Bloxx Web Filtering Before 5.0.14 CSRF Vulnerabilities in Bloxx Web Filtering Administrative Interface Lack of Salt in Bloxx Web Filtering Password Hashing X-Forwarded-For Header Bypass Vulnerability in Bloxx Web Filtering Hardcoded Credentials Vulnerability in Xelex MobileTrack Application Remote Password Change Vulnerability in Seagate BlackArmor Management Web Server Arbitrary Web Script Injection in Synametrics Technologies Xeams 4.4 Build 5720 Arbitrary Web Script Injection Vulnerability in X-Cart Gold 4.5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in WinWebMail Server 3.8.1.6 Arbitrary Script Injection via Email Subject in ThreeWP Email Reflector Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in T-dah WebMail 3.2.0-2.3 Blind SQL Injection Vulnerability in Symantec Web Gateway Management Console Cross-Site Scripting (XSS) Vulnerability in NetWin SurgeMail 6.0a4 via IFRAME SRC Attribute SQL Injection Vulnerability in LoginServlet Page in SolarWinds Storage Manager, Storage Profiler, and Backup Profiler before 5.1.2 SolarWinds Orion Network Performance Monitor (NPM) Multiple Cross-Site Scripting (XSS) Vulnerabilities Multiple Cross-Site Scripting (XSS) Vulnerabilities in SmarterMail 9.2 WP SimpleMail Plugin 1.0.6 - Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary Web Script Injection in Postie Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in OTRS Help Desk and OTRS ITSM Arbitrary Script Injection in Mini Mail Dashboard Widget Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Alt-N MDaemon Free 12.5.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ManageEngine ServiceDesk Plus 8.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailtraq 2.17.3.3150 Cross-Site Scripting (XSS) Vulnerabilities in AfterLogic MailSuite Pro 6.3 Cross-Site Scripting (XSS) Vulnerabilities in MailEnable Enterprise 6.5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ESCON SupportPortal Professional Edition 3.0 Cross-Site Scripting (XSS) Vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 Axigen Mail Server 8.0.1 XSS Vulnerability in Email Body Injection Cross-Site Scripting (XSS) Vulnerability in Atmail Webmail Server 6.4 Administrative Interface Cross-Site Scripting (XSS) Vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 XML Injection Vulnerability in Siemens WinCC 7.0 SP3 before Update 2 Siemens WinCC 7.0 SP3 Multiple Directory Traversal Vulnerabilities Buffer Overflow Vulnerability in Siemens WinCC 7.0 SP3 DiagAgent Web Server Arbitrary SQL Command Execution in Ipswitch WhatsUp Gold 15.02 via WrVMwareHostList.asp SolarWinds Orion Network Performance Monitor (NPM) CSRF Vulnerabilities Privilege Escalation and Information Disclosure Vulnerability in CollabNet ScrumWorks Pro Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in Bradford Network Sentry Administrative Interface Cross-Site Request Forgery (CSRF) Vulnerabilities in Bradford Network Sentry Administrative Interface Unauthenticated Message Display Vulnerability in Bradford Network Sentry Remote Code Execution Vulnerability in Johnson Controls CK721-A Controller Arbitrary Code Execution Vulnerability in SAP NetWeaver 7.0 EHP1 and EHP2 Remote Denial of Service Vulnerability in SAP NetWeaver Dispatcher Buffer Overflow in Lattice Diamond Programmer 1.4.2: Remote Code Execution Vulnerability Vulnerability: Denial of Service via RSN 802.11i Information Element in Broadcom Wi-Fi Chips Logica HotScan Remote Denial of Service Vulnerability Denial of Service Vulnerability in PyGrub Boot Loader Unauthenticated Remote Account Addition in Plixer Scrutinizer Web Console Arbitrary File Creation Vulnerability in Plixer Scrutinizer Multiple Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities in Axous 1.1.1 and Earlier Cleartext Twitter Credentials Vulnerability in Puella Magi Madoka Magica iP Application Arbitrary Web Script Injection Vulnerability in WEBLOGIC @WEB ShoppingCart Vulnerability: Bypassing URL Restrictions in SEIL Routers with Enabled http-proxy and application-gateway Features Arbitrary Script Injection via User-Agent Header in WassUp Plugin for WordPress FeedDemon 4.0 XSS Vulnerability Improper Implementation of WebView Class in Dolphin Browser HD and Dolphin for Pad for Android Allows Information Disclosure Arbitrary Web Script Injection Vulnerability in KENT-WEB WEB PATIO 4.04 and Earlier Arbitrary Web Script Injection Vulnerability in KENT-WEB WEB PATIO 4.04 and Earlier SmallPICT.cgi in SmallPICT before 2.7 Cross-Site Scripting (XSS) Vulnerability Information Disclosure Vulnerability in NEC BIGLOBE Yome Collection App for Android Unspecified Library Interaction XSS Vulnerability in Zenphoto before 1.4.3 MT4i Plugin 3.1 Beta 4 and Earlier for Movable Type Cross-Site Scripting (XSS) Vulnerability KENT-WEB YY-BOARD XSS Vulnerability MT4i Plugin 3.1 Beta 4 and Earlier for Movable Type Cross-Site Scripting (XSS) Vulnerability Information Disclosure Vulnerability in Yahoo! Japan Yahoo! Browser Application for Android Improper Implementation of WebView Class in Sleipnir Mobile Applications Allows Information Disclosure Remote Code Execution via Search URL Modification in Yahoo! Toolbar for Chrome and Safari Arbitrary Script Injection Vulnerability in GoodReader App for iOS Arbitrary Java Method Execution and Command Injection Vulnerability in Sleipnir Mobile Application Symlink Attack Vulnerability in Qemu 1.0's bdrv_open Function Privilege Escalation Vulnerability in arpwatch 2.1a15 Security Group Protocol Bypass Vulnerability in OpenStack Compute (Nova) Denial of Service Vulnerability in PostgreSQL XML External Entity (XXE) Vulnerability in Restlet 1.1.10 Allows Remote Information Disclosure Buffer Overflow in SQLDriverConnect Function in unixODBC 2.0.10 and Earlier: Denial of Service via FILEDSN Option Buffer Overflow Vulnerability in SQLDriverConnect Function in unixODBC 2.3.1 Vulnerability: Bypassing Database Query Restrictions in Ruby on Rails SQL Injection Vulnerability in Ruby on Rails Active Record Component Cross-Site Scripting (XSS) Vulnerabilities in Red Hat Certificate System and Dogtag Certificate System iptables: TCP SYN+FIN Packet Matching Bypass Vulnerability Insecure Password Handling in sosreport Utility Heap-based Buffer Overflows in XML Manifest Encryption Tag Parsing in OpenOffice.org and LibreOffice Vulnerability: Predictable Temporary File Name in golang/go 1.0.2 Session Fixation Vulnerability in Symfony 1.4.18 and earlier versions OpenLDAP TLS Cipher Suite Weakness Netlink Message Spoofing Vulnerability in hypervkvpd Arbitrary File Upload and Execution in Collabtive before 0.7.6 Rack::Cache Rubygem Vulnerability: Cache Poisoning and Sensitive Header Exposure Improper Cleanup of FacesContext Reference in Oracle Mojarra 2.1.7 Allows Unauthorized Access Integer Overflow Vulnerabilities in Boehm-Demers-Weiser GC Library Integer overflows in Bionic (libc) for Android's malloc_debug_leak.c Integer overflows in CallMalloc and nedpcalloc functions in nedmalloc.c leading to memory-related attacks Integer overflows in malloc and calloc functions in Hoard before 3.9 leading to memory-related attacks Integer Overflow in Boost Pool's ordered_malloc Function Unhashed Password Disclosure in 389 Directory Server Weak Permissions on rhncfg-actions Log File in Red Hat Network Configuration Client (rhncfg-client) Unrestricted Resource Access Vulnerability in Cumin before 0.1.5444 Predictable Random Number Generation in Cumin before 0.1.5444 Denial of Service Vulnerability in Cumin (MRG Management Console) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cumin before 0.1.5444 SQL Injection Vulnerabilities in Cumin's get_sample_filters_by_signature Function Denial of Service Vulnerability in Cumin before 0.1.5444 Denial of Service Vulnerability in OpenSSL 1.0.1 before 1.0.1d Cross-Site Scripting (XSS) Vulnerabilities in Apache HTTP Server 2.4.x Unspecified Remote Overflow Vulnerability in PHP Stream Implementation World-readable permissions set by virt-edit in libguestfs before 1.18.0 may expose sensitive information to local guest users. Arbitrary Bugnote Editing Vulnerability in MantisBT SOAP API Arbitrary Attachment Deletion Vulnerability in MantisBT before 1.2.11 Improper USB Device Assignment in libvirt Vulnerability: Parameter Handling Bypass in Ruby on Rails SQL Injection Vulnerability in Ruby on Rails ActiveRecord Privilege Escalation in Red Hat Enterprise Virtualization Manager (RHEV-M) Unspecified Denial of Service Vulnerability in autofs with LDAP-based Automount Map Arbitrary Web Script Injection in MediaWiki's outputPage Function Unrestricted Access to Unassigned Product Keys in Ubercart Product Keys Module for Drupal Arbitrary Web Script Injection in Drupal Advertisement Module Information Disclosure Vulnerability in Advertisement Module for Drupal Cross-Site Scripting (XSS) Vulnerability in Smart Breadcrumb Module for Drupal Arbitrary Script Injection in Post Affiliate Pro (PAP) Drupal Module User Registration Access Bypass Vulnerability in Hostmaster (Aegir) Module for Drupal Arbitrary Web Script Injection in Hostmaster (Aegir) Module for Drupal Arbitrary Web Script Injection in Zen Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Taxonomy List Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Drupal Search API Module 7.x-1.x CSRF Vulnerability in BrowserID Module for Drupal Remote Authentication Hijacking in BrowserID Module for Drupal Arbitrary Script Injection in Amadou Theme Module for Drupal CSRF Vulnerability in Drupal Comment Moderation Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mobile Tools Module for Drupal SQL Injection Vulnerability in Drupal Counter Module Allows Remote Code Execution Session Hijacking Vulnerability in filedepot module for Drupal Session Reversion Vulnerability in Token Authentication Module for Drupal Access Bypass Vulnerability in Organic Groups (OG) Module for Drupal Node Title Disclosure Vulnerability in CKEditor Node Embed Module Arbitrary Code Injection Vulnerability in Maestro Module for Drupal Information Disclosure Vulnerability in Simplenews Module for Drupal Cross-Site Scripting (XSS) Vulnerability in Authoring HTML Module for Drupal Arbitrary Script Injection Vulnerability in Protest Module for Drupal Open Redirect Vulnerability in Janrain Capture Module for Drupal Cross-Site Request Forgery (CSRF) Vulnerabilities in Node Hierarchy Module for Drupal Cross-Site Request Forgery (CSRF) Vulnerabilities in SimpleMeta Module for Drupal Bypassing Access Restrictions in Protected Node Module for Drupal Information Disclosure Vulnerability in Ubercart AJAX Cart for Drupal Denial of Service (DoS) vulnerability in Apache Tomcat 6.x and 7.x Cross-Site Request Forgery (CSRF) Vulnerabilities in Cumin before 0.1.5444 Session Fixation Vulnerability in Cumin before 0.1.5444 Allows Remote Session Hijacking Vulnerability in NetworkManager 0.9.2.0: AdHoc Mode Creates Open/Insecure Wireless Network Race condition vulnerability in user_change_icon_file_authorized_cb function in AccountsService before 0.6.22 allows local users to read arbitrary files. Denial of Service Vulnerability in VteTerminal of gnome-terminal Denial of Service Vulnerability in Oracle Java SE and OpenJDK Arbitrary SQL Command Execution in phpList 2.10.18 Arbitrary Web Script Injection in phpList 2.10.18 Insufficient Password Entropy in Revelation 0.4.13-2 and Earlier Versions Weak Password Encryption in Revelation 0.4.13-2 and Earlier Denial of Service Vulnerability in nf_conntrack_reasm.c in Linux Kernel Invalid Replacement Session Keyring Vulnerability Plain Text Password Logging Vulnerability in 389 Directory Server Privilege Escalation Vulnerability in Joomla! 2.5.x before 2.5.5 Unspecified SQL Injection Vulnerability in Joomla! 2.5.x before 2.5.5 Denial of Service Vulnerability in MySQL 5.1.x and 5.5.x Unspecified vulnerability in MySQL 5.5.x before 5.5.23 with unknown impact and attack vectors related to a Security Fix (Bug #59533) ModSecurity PHP Content-Disposition XSS Vulnerability Untrusted Search Path Vulnerability in VMware vMA 4.x and 5.x Untrusted Search Path Vulnerability in Check Point Endpoint Security R73.x and E80.x Cross-site scripting (XSS) vulnerability in Login With Ajax plugin for WordPress World-readable permissions for /tmp/mod_auth_openid.db in mod_auth_openid before 0.7 for Apache allow local users to obtain session ids SQL Injection Vulnerability in Serendipity 1.6.2: Remote Code Execution via comment.php Buffer Overflow in GIMP 2.6.12 and Earlier Allows Remote Code Execution Untrusted Search Path Vulnerability in Google Chrome on Windows Cross-Site Scripting (XSS) Vulnerabilities in RTFM Extension for Best Practical Solutions RT Cross-Site Scripting (XSS) Vulnerabilities in Extension::MobileUI and Best Practical Solutions RT Session Hijacking Vulnerability in Authen::ExternalAuth Extension for Best Practical Solutions RT Unspecified vulnerability in FFmpeg before 0.10.3 with unknown impact and attack vectors Unspecified vulnerability in ff_rv34_decode_frame function in FFmpeg and Libav Unspecified vulnerability in FFmpeg before 0.10.3 with unknown impact and attack vectors Memory Corruption Vulnerability in FFmpeg's ff_MPV_frame_start Function Unspecified vulnerability in read_var_block_data function in libavcodec/alsdec.c Unspecified vulnerability in decode_cell_data function in FFmpeg and Libav before 0.11/0.8.4 Unspecified vulnerability in decode_pic function in libavcodec/cavsdec.c in FFmpeg and Libav before 0.11 has unknown impact and attack vectors Unspecified vulnerability in FFmpeg before 0.10.3 with unknown impact and attack vectors Unspecified vulnerability in decode_frame function in libavcodec/indeo5.c Unspecified vulnerability in FFmpeg before 0.10.3 with unknown impact and attack vectors Unspecified vulnerability in FFmpeg before 0.10.3 with unknown impact and attack vectors Unspecified vulnerability in decode_slice_header function in FFmpeg before 0.11 Unspecified vulnerability in libavcodec/vp56.c in FFmpeg and Libav before 0.11 and 0.8.5 respectively Unspecified vulnerability in decode_pic function in libavcodec/cavsdec.c in FFmpeg and Libav before 0.11 has unknown impact and attack vectors Unspecified Vulnerabilities in FFmpeg's WMALosslessDec Codec Unspecified Out-of-Array Write Vulnerability in FFmpeg and Libav Unspecified vulnerability in decode_frame function in libavcodec/indeo4.c Unspecified Out-of-Array Read Vulnerability in avi_read_packet Function Unspecified vulnerability in avi_read_packet function in FFmpeg and Libav Unspecified vulnerability in read_var_block_data function in libavcodec/alsdec.c Unspecified Vulnerabilities in FFmpeg and Libav Codecs Unspecified Vulnerability in FFmpeg's decode_init Function with Unknown Impact and Attack Vectors Unspecified vulnerability in lag_decode_zero_run_line function in FFmpeg and Libav Unspecified vulnerability in decode_mb_info function in FFmpeg and Libav Unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 Unspecified vulnerability in vc1_decode_frame function in FFmpeg and Libav before 0.11 and 0.8.4 Unspecified vulnerability in decode_frame_mp3on4 function in FFmpeg and Libav Unspecified Out-of-Array Write Vulnerability in decode_dds1 Function Unspecified vulnerability in FFmpeg's libavcodec/wmalosslessdec.c with unknown impact and attack vectors related to put bit buffer when num_saved_bits is reset Unspecified vulnerability in ff_ivi_process_empty_tile function in libavcodec/ivi_common.c Unspecified vulnerability in libavcodec/avs.c in FFmpeg and Libav before 0.11 and 0.8.4 respectively Unspecified vulnerability in ac3_decode_frame function in FFmpeg and Libav Double Free Vulnerability in mpeg_decode_frame function in FFmpeg and Libav Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg and Libav before 0.11/0.8.5 Unspecified Denial of Service Vulnerability in FFMPEG 0.10 Heap-based Buffer Overflow in libjpeg-turbo 1.2.0's get_sos Function Multiple Integer Overflows in libxml2 on 64-bit Linux Platforms Insecure PRNG Implementation in Android DNS Resolver Out-of-Bounds Read Vulnerability in libexif Out-of-Bounds Read Vulnerability in libexif's exif_convert_utf16_to_utf8 Function Buffer Overflow in libexif 0.6.20 Allows Remote Code Execution via Crafted EXIF Tags Information Disclosure Vulnerability in Google Chrome Sandbox Isolation Vulnerability in Google Chrome on Windows Google Chrome Use-After-Free Vulnerability in Table Sections Google Chrome Use-After-Free Vulnerability in CSS Counters Denial of Service Vulnerability in WebGL Texture Uploads Denial of Service Vulnerability in Google Chrome's SVG Filters Implementation Autofill Text Display Vulnerability in Google Chrome Denial of Service Vulnerability in Google Chrome PDF Functionality Google Chrome Use-After-Free Vulnerability in SVG Resources Google Chrome Use-After-Free Vulnerability in SVG Painting Denial of Service Vulnerability in Google Chrome XSL Implementation Out-of-Bounds Read Vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome UI on Mac OS X Integer Overflow Vulnerabilities in Google Chrome PDF Functionality Cascading Style Sheets (CSS) Use-After-Free Vulnerability in Google Chrome Improper Array Value Setting Vulnerability in Google Chrome Google Chrome Use-After-Free Vulnerability in SVG References Uninitialized Pointer Vulnerability in Google Chrome PDF Functionality Buffer Overflow Vulnerability in Google Chrome's PDF Functionality Integer Overflow in Google Chrome: Denial of Service and Possible Other Impact via Crafted Data in Matroska Container Format Out-of-Bounds Read Vulnerability in libexif's exif_data_load_data Function Denial of Service Vulnerability in libexif's mnote_olympus_entry_get_value Function Off-by-one Error in libexif's exif_convert_utf16_to_utf8 Function Heap-based buffer overflow in libexif 0.6.20 due to integer underflow in exif_entry_get_value function Use-after-free vulnerability in Google Chrome: Denial of Service and Remote Code Execution Google Chrome Use-After-Free Vulnerability in Layout Height Tracking Denial of Service and Remote Code Execution Vulnerability in Google Chrome PDF Functionality Integer Overflow in libjpeg's jpeg_data_load_data Function Allows Remote Code Execution Denial of Service Vulnerability in Google Chrome on Linux Unconfirmed Download Vulnerability in Google Chrome Drag-and-Drop File Access Bypass Vulnerability in Google Chrome GIF Decoder Off-by-One Error Vulnerability in Google Chrome Unspecified Vulnerabilities in PDF Functionality in Google Chrome Integer Overflow Vulnerabilities in Google Chrome PDF Functionality Use-after-free vulnerability in PDF functionality in Google Chrome Denial of Service Vulnerability in Google Chrome WebRequest API Information Disclosure Vulnerability in Google Chrome WebUI Renderer Process PDF Use-After-Free Vulnerability in Google Chrome Out-of-bounds Write Vulnerability in Google Chrome PDF Functionality Cascading Style Sheets (CSS) DOM Use-After-Free Vulnerability in Google Chrome Buffer Overflow in WebP Decoder in Google Chrome Arbitrary Code Execution and Denial of Service Vulnerability in Google Chrome on Linux Denial of Service Vulnerability in Google Chrome's Date-Picker Implementation PDF Use-After-Free Vulnerability in Google Chrome Out-of-Bounds Write Vulnerability in Google Chrome PDF Functionality Remote Code Execution via Array Overflow in Mesa Line Breaking Denial of Service Vulnerability in Google Chrome Unspecified Variable Cast Vulnerability in Google Chrome Denial of Service Vulnerability in Google Chrome's SPDY Implementation Race condition vulnerability in Google Chrome before 21.0.1180.89 allows for denial of service and potential impact via improper interaction with XMLHttpRequest object Denial of Service and Remote Code Execution Vulnerability in Google Chrome Memory Management Vulnerability in libxslt 1.1.26 and Earlier Denial of Service Vulnerability in libxml2 Arbitrary Script Injection in Google Chrome SSL Interstitial Page Out-of-Bounds Write Vulnerability in Skia Library Unspecified Remote Code Execution Vulnerabilities in Google Chrome PDF Functionality Buffer Overflow in SSE2 Optimization Functionality in Google Chrome Denial of Service Vulnerability in Google Chrome Extension System Google Chrome Use-After-Free Vulnerability in Plug-In Handling Denial of Service Vulnerability in Google Chrome Race condition vulnerability in Google Chrome before 22.0.1229.79 allows for denial of service and potential impact via plug-in paint buffer vectors. Denial of Service and DOM Tree Corruption Vulnerability in Google Chrome Denial of Service Vulnerability in FFmpeg OGG Container Handling Out-of-bounds Write Vulnerability in Skia Library Out-of-Bounds Read Vulnerability in Skia Library Double Free Vulnerability in Google Chrome: Remote Denial of Service and Potential Impact Universal XSS (UXSS) vulnerability in Google Chrome before version 22.0.1229.79 Use-after-free vulnerability in Google Chrome before 22.0.1229.79: Remote Code Execution via onclick events Google Chrome Use-After-Free Vulnerability in SVG Text References Universal Cross-Site Scripting (UXSS) Vulnerability in Google Chrome PDF Use-After-Free Vulnerability in Google Chrome Information Disclosure Vulnerability in Google Chrome IPC Implementation Bypassing Pop-up Blocker in Google Chrome Double Free Vulnerability in libxslt: Remote Denial of Service and Possible Other Impacts Graphics-Context Data Structure Vulnerability in Google Chrome Out-of-Bounds Write Vulnerability in Google Chrome PDF Functionality WebGL Integer Overflow Vulnerability in Google Chrome Windows Font Parsing Vulnerability Omnibox URL Spoofing Vulnerability in Google Chrome for iOS on iPad Devices Universal XSS (UXSS) Vulnerability in Google Chrome for iOS Skia Text Rendering Vulnerability in Google Chrome Arbitrary Script Injection in Joomla Content Editor (JCE) Profile List Unrestricted File Upload Vulnerability in Joomla Content Editor (JCE) Component Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHP Address Book 7.0 and Earlier Cross-Site Scripting (XSS) Vulnerability in LongTail JW Player 5.9 Predictable Database Backup File Names in Artiphp CMS 5.5.0 Neo (r422) with Insufficient Access Control Multiple Cross-Site Scripting (XSS) Vulnerabilities in Artiphp CMS 5.5.0 Neo (r422) Cross-Site Scripting (XSS) Vulnerability in Aberdeen Theme for Drupal SQL Injection Vulnerabilities in Viscacha 0.8.1.1: admin/bbcodes.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in Viscacha 0.8.1.1 Cross-Site Scripting (XSS) Vulnerabilities in SiliSoftware phpThumb() 1.7.11 Arbitrary Web Script Injection in backupDB.php in SiliSoftware backupDB() 1.2.7a Cross-Site Scripting (XSS) Vulnerabilities in LeagueManager Plugin 3.7 for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Leaflet Plugin for WordPress Unijimpe Captcha: Remote Code Injection via PATH_INFO Remote Code Execution in Lattice Semiconductor PAC-Designer 6.2.1344 via Stack-based Buffer Overflow Arbitrary Web Script Injection in SABRE WordPress Plugin Arbitrary Script Injection in Share and Follow Plugin for WordPress Chevereto 1.91 Upload/engine.php XSS Vulnerability Chevereto 1.9.1 Directory Traversal Vulnerability in Upload Engine Arbitrary Script Injection in User Photo Plugin for WordPress Denial of Service Vulnerability in Universal Feed Parser (feedparser or python-feedparser) Information Disclosure Vulnerability in Drupal 7.14 and Earlier SQL Injection Vulnerability in news.php4 in Hypermethod eLearning Server 4G Remote File Inclusion Vulnerability in Hypermethod eLearning Server 4G SQL Injection Vulnerability in Simple PHP Agenda 2.2.8 XML Parser Vulnerability in Atlassian Products Denial of Service Vulnerability in TM Software Tempo Plugin for Atlassian JIRA XML Parser Vulnerability in Gliffy Plugin for Atlassian JIRA and Confluence Cross-Site Request Forgery (CSRF) Vulnerabilities in TinyWebGallery (TWG) before 1.8.8 Arbitrary Code Injection in TinyWebGallery before 1.8.8 Multiple Cross-Site Scripting (XSS) Vulnerabilities in TinyWebGallery (TWG) before 1.8.8 Denial of Service Vulnerability in Xen 4.0 and 4.1 on Older AMD CPUs Cross-site scripting (XSS) vulnerability in osCommerce Online Merchant 3.0.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Pligg CMS before 1.2.2 Multiple SQL Injection Vulnerabilities in Pligg CMS before 1.2.2 Cross-Site Scripting (XSS) Vulnerabilities in Travelon Express 6.2.2 Arbitrary Code Execution via Unrestricted File Upload in Travelon Express 6.2.2 Denial of Service Vulnerability in MediaChance Real-DRAW PRO 5.2.4 Yandex.Server 2010 9.0 Enterprise Cross-Site Scripting (XSS) Vulnerability in Search/ Buffer Overflow in HAProxy Header Capture Functionality CRLF Injection Vulnerability in Cryptographp.inc.php Allows HTTP Response Splitting Attacks Buffer Overflow Vulnerability in upsd in Network UPS Tools (NUT) Hadoop 1.0.3 Symlink Vulnerability Denial of Service Vulnerability in IAX2 Channel Driver Denial of Service Vulnerability in Skinny Channel Driver Hardcoded Password Vulnerability in ZTE Sync_Agent Program on Android 2.3.4 Local File Include Vulnerability in Gateway Geomatics MapServer for Windows before 3.0.6 SQL Injection Vulnerability in Jaow 2.4.5 and Earlier: Remote Code Execution via add_ons Parameter Arbitrary Command Execution Vulnerability in Symantec Web Gateway 5.0.x Cross-Site Scripting (XSS) Vulnerabilities in IBM Lotus Protector for Mail Security and IBM ISS Proventia Network Mail Security System SQL Injection Vulnerability in SpiceWorks 5.3.75941 Privilege Escalation via File Inclusion in Symantec Web Gateway 5.0.x CSRF Vulnerability in BMC Identity Management Suite 7.5.00.103 Allows Password Hijacking Arbitrary Code Injection through File Import in HP ArcSight Connector and Logger Appliances Arbitrary SQL Command Execution in Symantec Web Gateway Management Console Arbitrary SQL Command Execution in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) Unauthenticated Access to Sensitive Information in BreakingPoint Storm Appliance Cleartext Credential Vulnerability in BreakingPoint Storm Appliance Unspecified Character Handling Vulnerability in Caucho Quercus Caucho Quercus Remote Attack Vector via Overwriting SERVER Superglobal Array Unspecified Impact and Context-Dependent Attack Vectors in Caucho Quercus Caucho Quercus Directory Traversal Vulnerability Bypassing Filename Extension Restrictions in Caucho Quercus Denial of Service Vulnerability in Synel SY-780/A Time & Attendance Terminal Remote Code Execution Vulnerability in CA ARCserve Backup Server Denial of Service Vulnerability in CA ARCserve Backup r12.5, r15, and r16 on Windows Remote Authentication Bypass Vulnerability in SMC SMC8024L2 Switch Web Interface Cross-site scripting (XSS) vulnerability in F5 ASM Appliance 10.0.0 through 11.2.0 HF2 Arbitrary Command Execution Vulnerability in Symantec Web Gateway 5.0.x Arbitrary Password Change Vulnerability in Symantec Web Gateway 5.0.x Remote Denial of Service in NSD DNS Server Denial of Service Vulnerability in FreeBSD NSD Server Sensitive Information Disclosure via TouchEvent Method Implementation on Samsung and HTC Android Devices Arbitrary Code Execution Vulnerability in Webmin 1.590 and Earlier Arbitrary Command Execution Vulnerability in Webmin 1.590 and Earlier Arbitrary File Read Vulnerability in Webmin 1.590 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Websense Content Gateway before 7.7.3 Arbitrary Script Injection in CuteSoft Cute Editor 6.4 via InsertDocument.aspx Arbitrary Command Execution in HP SAN/iQ 9.5 Arbitrary Program Execution Vulnerability in MarkAny ContentSAFER Remote Code Execution in PayPal Module of osCommerce Online Merchant Domain Name Verification Bypass in Microsoft Windows Phone 7 Weak Password Generation in CoSoSys Endpoint Protector 4 Appliance Cross-Site Scripting (XSS) Vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1 CSRF Vulnerability in Trend Micro InterScan Messaging Security Suite 7.1 XML External Entity (XXE) vulnerability in F5 BIG-IP allows remote file read SQL Injection Vulnerability in Trend Micro Control Manager (TMCM) Ad Hoc Query Module Cerberus FTP Server Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities SQL Injection Vulnerabilities in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics Command Injection Vulnerability in Mutiny Standard before 4.5-1.12 Remote Authentication Bypass Vulnerability in Foscam and Wansview IP Cameras Open Redirect Vulnerability in Siemens WinCC 7.0 SP3 before Update 2 Untrusted Search Path Vulnerabilities in RealFlex RealWin, FlexView, and RealWinDemo Untrusted Search Path Vulnerability in Invensys Wonderware InTouch 2012 and Earlier Insufficient Entropy in mGuard Appliances: A Threat to HTTPS and SSH Servers Stack-based Buffer Overflow in Invensys Wonderware SuiteLink Stack-based Buffer Overflow in OSIsoft PI OPC DA Interface Remote Database Administrative Access Vulnerability in Siemens COMOS Remote Code Execution and Denial of Service Vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal Arbitrary File Read Vulnerability in Fultek WinTr Scada 4.0.5 and Earlier Arbiter Power Sentinel 1133A Firmware Denial of Service Vulnerability Default Password Vulnerability in WAGO I/O System 758 Industrial PC Devices Hardcoded Password Vulnerability in GarrettCom Magnum MNS-6K Management Software Untrusted Search Path Vulnerability in Siemens SIMATIC STEP7: Privilege Escalation via Trojan Horse DLL Denial of Service Vulnerability in Siemens SIMATIC S7-400 PN CPU Devices Denial of Service Vulnerability in Siemens SIMATIC S7-400 PN CPU Devices Improper Encryption Algorithm in ICONICS GENESIS32 and BizViz Allows for Administrative Access Bypass Unspecified Default Password Vulnerability in Siemens Synco OZW Web Server Devices Remote Code Execution and Denial of Service Vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal Arbitrary Program Execution Vulnerability in TrendLink ActiveX Control Predictable Session IDs and Keys in Tridium Niagara AX Framework Cleartext Base64 Transmission of Credentials in Tridium Niagara AX Framework Remote Code Execution and Denial of Service Vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal Siemens WinCC 7.0 SP3 and Earlier Cross-Site Request Forgery (CSRF) Vulnerability Insufficient Access Control in Siemens WinCC 7.0 SP3 and Earlier Allows Remote Information Disclosure Multiple Cross-Site Scripting (XSS) Vulnerabilities in Siemens WinCC 7.0 SP3 and Earlier SQL Injection Vulnerability in Siemens WinCC 7.0 SP3 and Earlier: Remote Code Execution via Crafted SOAP Message Username and Password Disclosure in Siemens WinCC 7.0 SP3 and Earlier Emerson DeltaV Buffer Overflow Vulnerability Vulnerability: Spoofing of Siemens SIMATIC S7-1200 Web Server via Forged Certificate Insufficient Entropy in Moxa OnCell Gateway SSH and SSL Keys Siemens SIMATIC S7-1200 PLCs XSS Vulnerability Cisco Scientific Atlanta D20 and D30 Cable Modems XSS Vulnerability Denial of Service Vulnerability in Cisco NX-OS 5.2 and 6.1 on Nexus 7000 Series Switches (Bug ID CSCtr44822) Untrusted Search Path Vulnerability in Cisco VPN Client 5.0 (Bug ID CSCua28747) Buffer Overflow in Cisco WebEx ARF Player Cisco WebEx Recording Format (WRF) Player Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Cisco WebEx Recording Format (WRF) Player Buffer Overflow Vulnerability in Cisco WebEx Recording Format (WRF) Player Cisco WebEx Recording Format (WRF) Player Heap-Based Buffer Overflow Vulnerability Denial of Service Vulnerability in Cisco ASA and ASASM Devices (Bug ID CSCua27134) Denial of Service Vulnerability in Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 Cisco IOS MLD Snooping Denial of Service Vulnerability Improper Management IP Address Sharing in Cisco ACE Multicontext Mode Denial of Service Vulnerabilities in Cisco TelePresence Systems Arbitrary Command Execution Vulnerability in Cisco TelePresence Immersive Endpoint Devices (Bug ID CSCtz38382) Arbitrary Command Execution Vulnerability in Cisco TelePresence Immersive Endpoint Devices (Bug ID CSCtn99724) Arbitrary Command Execution Vulnerability in Cisco TelePresence Recording Server (Bug ID CSCth85804) Cisco IOS 12.2 Denial of Service Vulnerability (Bug ID CSCtn78957) Unvalidated ScanSafe Header Handling Vulnerability in Cisco AnyConnect Secure Mobility Client Arbitrary X.509 Server Certificate Acceptance Vulnerability in Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability in Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 (CSCtd79132) Unspecified vulnerability in glBufferData function in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Availability Vulnerability in Oracle Outside In Technology Component in Oracle Fusion Middleware 8.3.7 Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Remote Integrity Vulnerability in Oracle Sun Solaris 10 Unspecified vulnerability in PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 Unspecified Remote Code Execution Vulnerability in Oracle Transportation Management Unspecified Integrity Vulnerability in Oracle MapViewer Component Unspecified Local Confidentiality Vulnerability in Oracle Transportation Management Unspecified Confidentiality Vulnerability in Oracle Transportation Management Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to compromise confidentiality Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HRMS Component Remote Denial of Service Vulnerability in Oracle Sun Solaris 8 Unspecified Remote Availability Vulnerability in Oracle Sun Solaris 9 and 10 Unspecified Local Vulnerability in Oracle Sun Solaris 8 and 9 Affecting Confidentiality and Integrity via Sort Remote Code Execution Vulnerability in Oracle Sun Solaris 10 via Apache HTTP Server Remote Code Execution Vulnerability in Oracle Sun Solaris 10 Unspecified Remote Availability Vulnerability in Oracle Sun Solaris 8, 9, and 10 Unspecified vulnerability in Solaris Cluster component allows local users to affect confidentiality, integrity, and availability via Apache Tomcat Agent. Remote Denial of Service Vulnerability in Oracle Sun Solaris 10 Unspecified vulnerability in Oracle SPARC T-Series Servers: Confidentiality, Integrity, and Availability Impact via Integrated Lights Out Manager Unspecified Remote Code Execution Vulnerability in Oracle Sun Solaris 10 Unspecified Remote Integrity Vulnerability in Oracle Sun Solaris 11 Remote Confidentiality Vulnerability in Oracle Sun Solaris 9, 10, and 11 via Network/NFS Oracle Database Server SQL Injection Vulnerability DataDirect ODBC Driver Buffer Overflow Vulnerability Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified Remote Code Execution Vulnerability in Oracle JRockit Component Unspecified vulnerability in Oracle Java SE 7 Update 6 and earlier Stealth Password Cracking Vulnerability in Oracle Database Server Unspecified Remote Integrity Vulnerability in Oracle iStore Component Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in Oracle Agile PLM For Process component in Oracle Supply Chain Products Suite 6.0.0.6.3 and 6.1.0.1.14 Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component affecting confidentiality Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows local users to affect confidentiality Unspecified Remote Integrity Vulnerability in Oracle Database Server Unspecified Remote Code Execution Vulnerability in MySQL Server Component Unspecified Remote Integrity Vulnerability in Oracle Field Service Component Unspecified Confidentiality Vulnerability in MySQL Server Component Unspecified Remote Availability Vulnerability in MySQL Server Unspecified Local Vulnerability in Oracle Database Server on Unix and Linux Platforms Unspecified vulnerability in Oracle Reports Developer component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 Unspecified vulnerability in Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.0 Unspecified vulnerability in CORBA ORB component in GlassFish and Java System Application Server allows remote attackers to affect availability Unspecified Remote Availability Vulnerability in Oracle MySQL Server Unspecified Remote Integrity Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Remote Code Execution Vulnerability in MySQL Server Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability Unspecified Local Privilege Escalation Vulnerability in MySQL Server Unspecified Remote Integrity Vulnerability in Oracle Agile PLM Framework Unspecified Local User Confidentiality Vulnerability in Oracle Applications Framework Unspecified vulnerability in MySQL Server component allows remote authenticated users to affect confidentiality, integrity, and availability Unspecified Integrity Vulnerability in Oracle Marketing Component in Oracle E-Business Suite Unspecified Local Vulnerability in Oracle Sun Solaris Affecting Confidentiality and Integrity via Mailx Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified vulnerability in Oracle E-Business Suite's Oracle Applications Technology Stack component affecting confidentiality via Autoconfig Templates Unspecified Remote Code Execution Vulnerability in Siebel CRM Component Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified vulnerability in Oracle Java 7 before Update 11 Unspecified Remote Integrity Vulnerability in Oracle Application Server Single Sign-On Component Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.52 Unspecified Remote Availability Vulnerability in MySQL Server Unspecified Local Kernel Vulnerability in Oracle Sun Solaris 11 Unspecified Integrity Vulnerability in PeopleSoft Enterprise PeopleTools Component Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Security Vulnerability in Oracle PeopleSoft Products Unspecified Remote Code Execution Vulnerability in Oracle PeopleSoft Products 8.52 Unspecified vulnerability in Oracle WebCenter Sites component in Oracle Fusion Middleware Unspecified integrity vulnerability in Oracle WebCenter Sites component Unspecified vulnerability in Oracle WebCenter Sites component in Oracle Fusion Middleware Unspecified vulnerability in Oracle WebCenter Sites component in Oracle Fusion Middleware Unspecified Local Vulnerability in Oracle Sun Solaris 10 Kernel Unspecified Integrity Vulnerability in Oracle PeopleSoft Products 8.50 and 8.51 Remote Code Execution Vulnerability in Oracle Sun Solaris 11 Oracle Universal Work Queue Component Vulnerability Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to affect availability via unknown vectors related to Data Mover Unspecified Integrity Vulnerability in PeopleSoft PeopleTools Component Unspecified Confidentiality Vulnerability in Oracle BI Publisher Component Unspecified Remote Integrity Vulnerability in Oracle BI Publisher Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Human Resources component in Oracle E-Business Suite: Confidentiality and Availability Impact via PDF Generation Unspecified Remote Availability Vulnerability in MySQL Server Replication Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote authenticated users to affect availability via unknown vectors related to Query. Unspecified Local Vulnerability in Oracle Sun Solaris 10 and 11 Affecting Gnome Trusted Extension Unspecified vulnerability in Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise Campus Solutions Component Unspecified vulnerabilities in Oracle JRockit component in Oracle Fusion Middleware Unspecified Local Vulnerability in Oracle Sun Solaris 11 GDM Unspecified Power Management Vulnerability in Oracle Sun Solaris 11 Unspecified Local Integrity Vulnerability in Oracle Sun Solaris 11 Related to Vino Server Unspecified vulnerability in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers Unspecified Local Kernel Vulnerability in Oracle Sun Solaris 9, 10, and 11 Local Privilege Escalation Vulnerability in Oracle Sun Solaris 10 and 11 Unspecified Local Vulnerability in Oracle Sun Solaris 10 and 11 on SPARC Unspecified Remote Availability Vulnerability in Oracle Sun Solaris 11 Kernel Unspecified Local Denial of Service Vulnerability in Oracle Sun Solaris 10 and 11 Unspecified Local Availability Vulnerability in Oracle Sun Solaris 10 and 11 on SPARC T4 Servers Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. Unspecified Availability Vulnerability in Oracle Outside In Technology Component Unspecified Local Confidentiality Vulnerability in Oracle Sun Solaris 10 and 11 on SPARC Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise confidentiality Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 Unspecified vulnerability in Oracle E-Business Suite Human Resources component allows remote authenticated users to compromise confidentiality and integrity via unknown vectors related to Security Groups. Unspecified integrity vulnerability in Oracle Enterprise Manager Grid Control EM Base Platform and EM DB Control Unspecified vulnerability in Oracle Database Server Spatial Component Unspecified vulnerability in Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 Unspecified Remote Availability Vulnerability in Oracle iRecruitment Component Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote authenticated users to affect confidentiality Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote authenticated users to affect confidentiality Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote authenticated users to compromise confidentiality and integrity Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component allows remote authenticated users to affect confidentiality and integrity Unspecified Remote Integrity Vulnerability in Oracle FLEXCUBE Universal Banking Component Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote authenticated users to affect integrity and availability Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 CSRF Vulnerabilities in web@all 2.0 Allow Remote Code Execution Arbitrary Web Script Injection Vulnerability in web@all 2.0 search.php Cross-site scripting (XSS) vulnerability in Kayako Fusion allows remote script injection via PATH_INFO RealPlayer Codec Frame Size Denial of Service Vulnerability NULL Pointer Dereference and Application Crash in GIMP's fits-io.c Arbitrary Script Injection in WebAdmin Backup/Restore Component Remote Code Execution Vulnerability in Walrus Service of Eucalyptus 2.0.3 and 3.0.x Authentication Bypass Vulnerability in VMware Broker API SEOgento Plugin for Magento XSS Vulnerability Unspecified Denial of Service Vulnerability on HP Integrity Servers Unspecified Information Disclosure Vulnerability in HP Fortify Software Security Center Information Disclosure Vulnerability in HP Fortify Software Security Center Unspecified Denial of Service Vulnerability in HP Service Manager and HP Service Center Servers Arbitrary Web Script Injection Vulnerability in HP Service Manager and Service Center Web Tier Unspecified Denial of Service Vulnerability in HP Serviceguard A.11.19 and A.11.20 Arbitrary Code Execution Vulnerabilities in HP Intelligent Management Center (IMC) Arbitrary Code Execution Vulnerability in HP iNode Management Center Arbitrary Web Script Injection Vulnerability in HP Business Availability Center (BAC) 8.07 CSRF Vulnerability in HP Business Availability Center (BAC) 8.07 Remote Session Hijacking Vulnerability in HP Business Availability Center (BAC) 8.07 Unspecified Remote Code Execution Vulnerability in HP Operations Orchestration 9.0 Unspecified Remote Code Execution Vulnerability in HP SiteScope SOAP Feature (ZDI-CAN-1461) Unspecified Remote Code Execution Vulnerability in HP SiteScope SOAP Feature (ZDI-CAN-1462) Unspecified Remote Code Execution Vulnerability in HP SiteScope SOAP Feature (ZDI-CAN-1463) Unspecified Remote Code Execution Vulnerability in HP SiteScope SOAP Feature (ZDI-CAN-1464) Arbitrary Code Execution Vulnerability in HP SiteScope SOAP Feature (ZDI-CAN-1465) Unspecified Remote Code Execution Vulnerability in HP SiteScope SOAP Feature (ZDI-CAN-1472) Unspecified Remote Information Disclosure Vulnerability in IBRIX X9000 Storage Unspecified Remote Information Disclosure Vulnerability in HP Network Node Manager i (NNMi) 9.20 Improper Access Control in HP and Huawei Networking Products Unspecified Remote Code Execution Vulnerability in HP Performance Insight 5.31, 5.40, and 5.41 Unspecified Remote Code Execution Vulnerability in HP Performance Insight 5.31, 5.40, and 5.41 Unspecified Remote Information Disclosure Vulnerability in HP Integrated Lights-Out (iLO) Firmware Arbitrary web script injection vulnerability in multiple HP LaserJet printers Unspecified Remote Information Disclosure Vulnerabilities in HP LaserJet Pro 400 MFP M425 and LaserJet 400 M401 Remote Code Execution Vulnerability in HP Intelligent Management Center (IMC) Unspecified Remote Code Execution Vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 Denial of Service Vulnerability in HP OpenVMS ACMELOGIN Programs Denial of Service Vulnerability in HP OpenVMS ACMELOGIN Programs Remote Code Execution Vulnerability in HP Diagnostics Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 Unspecified Remote Operation Vulnerabilities on HP NonStop Servers H06.x and J06.x Unspecified Denial of Service Vulnerability in HP XP P9000 Command View Advanced Edition Unspecified Remote Code Execution Vulnerability in HP LeftHand Virtual SAN Appliance Unspecified Remote Code Execution Vulnerability in HP LeftHand Virtual SAN Appliance Unspecified Remote Code Execution Vulnerability in HP LeftHand Virtual SAN Appliance Unspecified Remote Code Execution Vulnerability in HP LeftHand Virtual SAN Appliance (ZDI-CAN-1513) Unspecified Remote Vulnerability in HP ArcSight Connector Appliance and ArcSight Logger Insufficient Algorithmic Complexity in Poul-Henning Kamp md5crypt Arbitrary Code Execution and Denial of Service Vulnerability in VMware Products Denial of Service Vulnerability in VMware Workstation, Player, ESXi, and ESX Unspecified Vulnerabilities in Google Chrome on Acer AC700, Samsung Series 5, 5 550, Chromebox 3, and Cr-48 Chromebook Platforms Remote Denial of Service Vulnerability in OpenConnect 3.18 via Crafted Greeting Banner Privilege Escalation via GridFTP in Globus Toolkit Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server Administrative Console Cross-Site Request Forgery (CSRF) Vulnerabilities in IBM WebSphere MQ File Transfer Edition and Managed File Transfer Bypassing Security-Configuration Setup in IBM WebSphere MQ 7.1 Arbitrary Code Injection via Help Link in IBM Power Hardware Management Console (HMC) IBM Tivoli Monitoring Embedded HTTP Server Cross-Site Scripting (XSS) Vulnerability Unspecified Remote Code Execution Vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 4 REST Services Framework Denial of Service Vulnerability in IBM WebSphere Commerce 7.0 CRLF Injection Vulnerabilities in IBM Lotus Domino 8.5.x Cross-Site Scripting (XSS) Vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 Session Hijacking Vulnerability in IBM WebSphere Application Server (WAS) Administrative Console Arbitrary File Overwrite Vulnerability in IBM WebSphere Application Server (WAS) Unspecified Impact and Remote Attack Vectors in IBM WebSphere Application Server (WAS) IBM Sametime 8.0.2 through 8.5.2.1 IM Chat Cross-Site Scripting (XSS) Vulnerability CSRF Vulnerability in IBM InfoSphere Guardium 8.2 and Earlier Cleartext Password Disclosure Vulnerability in IBM Tivoli Federated Identity Manager Bypass of Access Restrictions in IBM WebSphere Application Server (WAS) Cleartext Transmission of Database Credentials in IBM InfoSphere Guardium 8.2 and Earlier Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management Remote Session Establishment Vulnerability in IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) Unauthenticated Resource Download Vulnerability in IBM Tivoli Federated Identity Manager Arbitrary web script injection vulnerability in IBM Maximo Asset Management and related products Privilege Escalation Vulnerability in IBM WebSphere Message Broker Information Disclosure Vulnerability in IBM Rational Business Developer 8.x Bypassing Access Restrictions in IBM SmartCloud Control Desk 7.5 via Expired Password Vulnerability Arbitrary web script injection vulnerability in IBM Maximo Asset Management and related products Privilege Escalation Vulnerability in IBM Maximo Asset Management Directory Traversal Vulnerability in UTL_FILE Module in IBM DB2 and DB2 Connect 10.1 on Windows Unvalidated Credentials Vulnerability in IBM WebSphere Application Server Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management 7.5 Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management and Related Products Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management and Related Products Arbitrary File Overwrite Vulnerability in IBM Advanced Settings Utility (ASU) and Bootable Media Creator (BoMC) on Linux Denial of Service Vulnerability in IBM WebSphere Application Server and WebSphere Virtual Enterprise IBM Sametime Log Database Information Disclosure Vulnerability CRLF Injection Vulnerability in IBM Maximo Asset Management and SmartCloud Control Desk Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) allows remote code execution via crafted SET COLLATION statement SQL Injection Vulnerability in IBM InfoSphere Guardium 8.0, 8.01, and 8.2 Directory Traversal Vulnerability in IBM InfoSphere Guardium 8.0, 8.01, and 8.2 Improper Restrictions on User Account Creation in IBM InfoSphere Guardium 8.x XML External Entity Injection in IBM InfoSphere Guardium 8.0, 8.01, and 8.2 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 Unspecified Remote Code Execution Vulnerability in Oracle Java SE Cross-Site Request Forgery (CSRF) Vulnerability in Microdasys before 3.5.1-B708 Symlink Attack Vulnerability in ioquake3 Before r2253 AutoFORM PDM Archive before 7.0 JMX Console Authentication Bypass Vulnerability SQL Injection Vulnerability in Webmatic 3.1.1 index.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in LongTail Video JW Player through 5.10.2295 Arbitrary File Import Vulnerability in Apache Sling JCR ContentLoader 2.1.4 XmlReader Information Disclosure Vulnerability in DokuWiki's doku.php Arbitrary Code Execution via Symlink Attack in GNOME Rhythmbox 0.13.3 and Earlier Bypassing Access Restrictions in ViewVC's Remote SVN Views Functionality Log Message Leakage in ViewVC SVN Revision View Heap-based Buffer Overflow in OpenJPEG 1.5's j2k_read_sot Function Insecure Storage of Credentials in Luci's __ac Session Cookie Arbitrary File Write Vulnerability in OpenStack Compute (Nova) Folsom and Essex Arbitrary File Overwrite Vulnerability in OpenStack Compute (Nova) Folsom, Essex, and Diablo CSRF Vulnerability in eXtplorer 2.1 RC3 and Earlier: Unauthorized Addition of Administrator Account XML External Entity (XXE) Injection in Zend_XmlRpc Stack-based buffer overflows in Linux kernel NCI interface allow remote code execution Bypassing open_basedir Protection in SQLite Functionality in PHP Arbitrary Command Execution Vulnerability in Bcfg2 Trigger Plugin Remote attackers can revoke CA certificate in Red Hat and Dogtag Certificate Systems Integer Signedness Error in dtach 0.8 Allows Remote Information Disclosure Privilege Escalation via Null Password in JBoss Enterprise Application Platform (EAP) and Related Platforms Privilege Escalation via Insecure Credential Retrieval in JBoss EAP, EWP, BRMS, and SOA Platforms Denial of Service Vulnerability in Nova Scheduler with DifferentHostFilter or SameHostFilter Default Configuration of Cyberoam UTM Appliances Allows for SSL Server Spoofing Apache Wicket Cross-Site Scripting (XSS) Vulnerability via Ajax Link URL Arbitrary Code Execution via Crafted Inline Image in Pidgin MXit Protocol Plugin Denial of Service Vulnerability in Linux Kernel's epoll_ctl System Call Kerberos-enabled DataNodes in Apache Hadoop 2.0.0 alpha allow unauthorized access to blocks Heap-based Buffer Overflow in OGG Demuxer in VLC Media Player Predictable Temporary File Names Vulnerability in GNOME at-spi2-atk 2.5.2 Naxsi-UI Directory Traversal Vulnerability Privilege Escalation via Zero-Length Directory Name in sfcb Arbitrary Web Script Injection via Forbidden Extension in Mono 2.10.8 and Earlier Unfiltered HTML Capability Bypass Vulnerability in WordPress 3.4.x WordPress Customizer Cross-Site Request Forgery (CSRF) Vulnerability Unrestricted Access to Private and Draft Posts in WordPress Race Condition Vulnerability in GNU Automake's make distcheck Rule Bypassing Alias Restrictions in Moodle 2.3.x Caching Vulnerability in Moodle's is_enrolled Function Cross-Site Scripting (XSS) Vulnerabilities in Moodle 2.2.x and 2.3.x File Access Vulnerability in Moodle 2.1.x and 2.2.x Bypassing Access Restrictions in Moodle Q&A Forum via RSS Feed Bypassing Forum-Subscription Requirements in Moodle 2.1.x and 2.2.x Arbitrary Web Script Injection in Moodle Repository Renaming LDAP Login URL Redirection Vulnerability in Moodle 2.x Arbitrary SQL Command Execution in Moodle's mod/feedback/complete.php Arbitrary Web Script Injection in Moodle 2.x Bypassing Group-Membership Requirement in Moodle Activities Denial of Service Vulnerability in Moodle's Advanced Search Feature Arbitrary Command Execution in Basilic 1.5.14 via Config/diff.php Heap-based Buffer Overflow in Linux Kernel's udf_load_logicalvol Function Heap-based Buffer Overflow in t2p_read_tiff_init function of LibTIFF Integer Overflow in Adobe Photoshop PSD Plugin in GIMP 2.2.13 and Earlier Heap-based Buffer Overflow in GIMP KiSS CEL File Format Plug-in Buffer Length Calculation Vulnerability in vfprintf Function in GNU C Library (glibc) Buffer Length Calculation Vulnerability in vfprintf Function in glibc Vulnerability in vfprintf function in GNU C Library (glibc) allows for format string exploitation Local Buffer Overflow Vulnerability in Plow Software IP Address Spoofing Vulnerability in Puppet Network Authstore Privilege Escalation Vulnerability in eCryptfs-Utils SUID Helper Stack-based Buffer Overflow in GNU Bash Allows Bypass of Restricted Shell Access Dnsmasq Denial of Service Vulnerability via Spoofed DNS Query Denial of Service Vulnerability in Solarflare Solarstorm Driver Arbitrary Web Script Injection in KDE PIM 4.6-4.8 Arbitrary Script Injection via SWFUpload.swf in WordPress and Other Products Host-based Authentication Bypass in Condor before 7.8.2 Bypassing TCP Wrappers Rules in Linux DiskQuota (quota) Multiple Vulnerabilities in libpcp in Performance Co-Pilot (PCP) before 3.6.5 PCP Vulnerability: Information Disclosure via /proc File System Memory leaks in Performance Co-Pilot (PCP) before 3.6.5 can lead to denial of service Denial of Service Vulnerability in pduread function in libpcp Uninitialized Pointer Vulnerability in IcedTea-Web Plugin Uncontrolled Memory Access Vulnerability in IcedTea-Web Plugin Denial of Service Vulnerability in Ruby on Rails HTTP Digest Authentication Out-of-bounds read vulnerability in png_push_read_zTXt function in libpng Token Expiration Bypass Vulnerability in OpenStack Keystone Sensitive Information Disclosure in JBoss EAP 5.1.2 AMI due to Insecure Permissions Arbitrary Datasource Connection Access Vulnerability in IronJacamar Container LDAP Injection Vulnerability in bind-dyndb-ldap 1.1.0rc1 and earlier Uninitialized Structure Member Vulnerability in Linux Kernel RDS Socket Handling Unencrypted Login Credentials Vulnerability in Teiid JDBC Socket Denial of Service Vulnerability in Xen MMIO Emulator Denial of Service Vulnerability in Xen 4.0 and 4.1 Cross-Site Scripting (XSS) Vulnerabilities in Count Per Day WordPress Plugin Arbitrary SQL Command Execution in Zabbix Frontend (versions 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1) Denial of Service Vulnerability in OpenTTD 0.6.0 through 1.2.1 Improper Memory Allocation in Magick_png_malloc Function in ImageMagick Improper Memory Allocation in Magick_png_malloc Function in GraphicsMagick 6.7.8-6 Symlink Attack Vulnerability in Red Hat Sudo 1.7.2 on RHEL 5 Unrestricted Database Access Vulnerability in Icinga 1.7.1 Cross-Site Scripting (XSS) Vulnerability in Django's HttpResponseRedirect and HttpResponsePermanentRedirect Classes Denial of Service Vulnerability in Django ImageField Class Denial of Service Vulnerability in Django's get_image_dimensions Function Denial of Service Vulnerability in libvirt 0.9.13 Incorrect Regular Expression in Apache Libcloud SSL Server Verification Arbitrary File Overwrite Vulnerability in OpenStack Compute (Nova) 2012.1.x and Folsom Arbitrary PHP Code Execution Vulnerability in Ganglia Web before 3.5.1 World-writable permissions in Open vSwitch 1.4.2 allow arbitrary file deletion and overwrite Out-of-bounds read vulnerability in pdo_sql_parser.re in PHP PDO Extension Inconsistent SOAP Action String Execution Vulnerability in Apache CXF Screen Lock Bypass Vulnerability in gnome-screensaver World-writable permissions in logol 1.5.0 allow local users to delete or overwrite arbitrary files World-writable permissions in eXtplorer 2.1.0b6 allow local users to delete or overwrite arbitrary files Heap-based Buffer Overflow in Microsoft Import Filter in KOffice 2.3.3 and Earlier Heap-based Buffer Overflow in Microsoft Import Filter in Calligra 2.4.3 and Earlier World-readable permissions for process_perfdata.cfg in PNP4Nagios 0.6 through 0.6.16 allow local users to obtain the Gearman shared secret Insecure Session Encryption in Beaker Remote Code Execution via Crafted HTTP POST Request in Cumin PostgreSQL Database User Created Without Password During Installation Heap-based Buffer Overflow in libotr before 3.2.1 SSSD Access-Provider Logic Vulnerability Arbitrary Script Injection in Ruby on Rails Form Tag Helper Arbitrary web script injection vulnerability in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 Arbitrary web script injection vulnerability in Ruby on Rails strip_tags helper Unspecified Impact Vulnerability in GNOME gnome-keyring 3.4.0 through 3.4.1 NullAuthenticator Bypass Vulnerability in Apache QPID Multiple SQL Injection Vulnerabilities in Ushahidi Platform before 2.5 Multiple SQL Injection Vulnerabilities in Ushahidi Platform 2.5 SQL Injection Vulnerabilities in Ushahidi Platform's MY_Countries_Api_Object.php SQL Injection Vulnerabilities in Ushahidi Platform's Edit Functions Unauthenticated Remote Message Manipulation in Ushahidi Platform Unauthenticated Remote Attackers Can Generate Reports and Organize Comments in Ushahidi Platform Sensitive Information Disclosure in Ushahidi Platform Comments API Privilege Escalation Vulnerability in Ushahidi Platform Installer Cross-Site Scripting (XSS) Vulnerabilities in Ushahidi Platform 2.5 SQL Injection Vulnerability in NeoInvoice's signup_check.php Allows Remote Code Execution Bypassing Restricted Shell Access in rssh 2.3.3 and Earlier via Crafted Environment Variables Arbitrary Code Execution via Crafted File in Emacs Lisp Stack-based buffer overflow vulnerability in strtod in GNU C Library allows for denial of service and potential arbitrary code execution Integer Overflow in GIMP GIF Image Format Plug-in NTLM Authentication Vulnerability in Fetchmail 5.0.8 through 6.3.21 Privilege Escalation via Race Condition in Tunnelblick's runScript Function Privilege Escalation via Ownership and Permissions Test Bypass in Tunnelblick Privilege Escalation via Tunnelblick 3.3beta20 and Earlier Privilege Escalation via OpenVPN Event Script Execution in Tunnelblick Tunnelblick Race Condition Vulnerability: Unauthorized Process Termination XML External Entity (XXE) vulnerability in libxslt support in PostgreSQL versions 8.3 to 9.1 XML External Entity (XXE) vulnerability in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 Improper Privilege Escalation in Condor 7.6.x and 7.8.x Arbitrary Idle Job Removal Vulnerability in Condor 7.6.x and 7.8.x Weak Permissions in Condor Filesystem Authentication Directory Information Leakage and Arbitrary Job Control Vulnerability in condor_startd Denial of Service Vulnerability in Xen and Citrix XenServer Unvalidated Array Indexing in physdev_get_free_pirq Hypercall Denial of Service Vulnerability in XENMEM_populate_physmap Vulnerability in Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 Denial of Service and Memory Read Vulnerability in Xen and Citrix XenServer Cross-Site Scripting (XSS) Vulnerabilities in Apache HTTP Server 2.2.x and 2.4.x Arbitrary File Modification via Symlink Attack in devscripts and rpmdevtools Remote Code Execution via Unescaped URL in SquidClamav Improper Determination of Back-End Connection Closure in Apache HTTP Server 2.4.x Default Secret Token Vulnerability in Katello 1.0 and Earlier Local File Overwrite Vulnerability in crypto-utils 2.4.1-34 Denial of Service Vulnerability in Tinyproxy 1.8.3 and Earlier Unspecified Vulnerability in Apache OFBiz 10.04.x Arbitrary Web Script Injection via Email Subject in RoundCube Webmail Arbitrary Script Injection in Roundcube Webmail 0.8.0 Heap-based Buffer Overflow in GNU libiberty Use-after-free vulnerability in xacct_add_tsk function in Linux kernel Race conditions in madvise_remove function in Linux kernel Insecure Storage of Munin Plugin State Files Allows Arbitrary Code Execution Arbitrary File Creation and Configuration Modification in Munin CGI Unrestricted Hash Collision Vulnerability in OCaml Xml-Light Library Privilege Escalation via Crafted VT100 Sequence in Qemu Arbitrary Write Vulnerability in Xen 4.2 and Citrix XenServer 6.0.2 Use-after-free vulnerability in Tor DNS handling allows for remote denial of service Denial of Service Vulnerability in Tor's networkstatus_parse_vote_from_string Function Timing Side-Channel Vulnerability in Tor Routerlist Netlink Message Spoofing Vulnerability Directory Traversal Vulnerabilities in GeSHi CSSGen Contrib Module Arbitrary Web Script Injection Vulnerability in GeSHi contrib/langwiz.php STARTTLS Implementation in nnrpd in INN before 2.5.3 Allows Plaintext Command Injection Privilege Escalation via DBUS_SYSTEM_BUS_ADDRESS Environment Variable XMPP Server Dialback Spoofing Vulnerability Denial of Service Vulnerability in mod_rpaf 0.5 and 0.6 for Apache HTTP Server Arbitrary PHP Code Execution via Unserialized Objects in TYPO3 Backend Help System Arbitrary Web Script Injection in TYPO3 Backend Information Disclosure Vulnerability in TYPO3 Configuration Module Incomplete Blacklist Vulnerability in TYPO3's t3lib_div::quoteJSvalue API Function Arbitrary Web Script Injection in TYPO3 Install Tool CSRF Vulnerability in GateIn Portal Component in JBoss Enterprise Portal Platform 5.2.2 and Earlier oVirt 3.1 Python SDK and CLI SSL Certificate Spoofing Vulnerability Denial of Service Vulnerability in GNU Gatekeeper before 3.1 OpenJPEG 1.5.0 Heap-Based Buffer Overflow Vulnerability XSS Vulnerabilities in Hupa Webmail Application Arbitrary Shell Command Execution Vulnerability in Crowbar Deployer Barclamp Sensitive Password Logging Vulnerability in Red Hat CloudForms Open Redirect Vulnerability in OpenStack Dashboard (Horizon) Essex (2012.1) Arbitrary User Addition Vulnerability in OpenStack Keystone Hash Collision Denial of Service Vulnerability in Mono 2.10.x ASP.NET Web Forms Apache Tomcat Denial of Service Vulnerability Bypassing Security-Constraint Checks in Apache Tomcat Stack-based Buffer Overflow in FreeRADIUS TLS-based EAP Methods Denial of Service Vulnerability in Wireshark's dissect_drda Function Denial of Service Vulnerability in FreeBSD 8.2 SCTP Implementation Arbitrary Web Script Injection in Crowbar Framework Race condition vulnerability in Linux kernel IP implementation before version 3.0 allows remote attackers to cause denial of service and system crash through packet transmission to an application that modifies socket options during network traffic handling. Denial of Service Vulnerability in Asterisk Open Source 10.x before 10.5.1 Arbitrary SQL Command Execution in RSGallery2 Component for Joomla! Hidden Keyboard Navigation Vulnerability in Opera Double-click pop-up window vulnerability in Opera before 11.65 Cross-Domain JSON Reading Vulnerability in Opera before 11.65 Address Field Spoofing Vulnerability in Opera before 11.65 Unspecified Vulnerability in Opera for Mac OS X: Moderate Severity Issue Address Field Spoofing Vulnerability in Opera Memory Allocation Vulnerability in Opera Denial of Service Vulnerability in Opera before 12.00 Beta Denial of Service Vulnerability in Opera before 12.00 Beta Denial of Service Vulnerability in Opera before 12.00 Beta Denial of Service Vulnerability in Opera before 12.00 Beta User-Assisted Remote Denial of Service Vulnerability in Opera before 12.00 Beta Denial of Service Vulnerability in Opera before 12.00 Beta Denial of Service Vulnerability in Opera WebGL Rendering VMware OVF Tool 2.1 Format String Vulnerability Denial of Service Vulnerability in ISC DHCP 4.2.x Denial of Service Vulnerability in ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 Arbitrary PHP Code Execution in OSCC MyMeeting and MyMesyuarat Arbitrary Code Execution via Unrestricted File Upload in MM Forms Community Plugin for WordPress Arbitrary Code Execution via Unrestricted File Upload in RBX Gallery Plugin for WordPress Arbitrary Code Execution via Unrestricted File Upload in wpStoreCart Plugin Arbitrary Code Execution via Unrestricted File Upload in Nmedia Member Conversation Plugin Arbitrary Code Execution via Unrestricted File Upload in FCChat Widget Plugin for WordPress Default Password Vulnerability in Symantec Messaging Gateway (SMG) 10.0 Remote authenticated users can modify Symantec Messaging Gateway (SMG) web application through management interface Information Disclosure Vulnerability in Symantec Messaging Gateway (SMG) before 10.0 Session Management Vulnerability in Symantec PGP Universal Server 3.2.x Remote Code Execution Vulnerability in IrfanView PlugIns via Crafted JLS File APT Key Import Vulnerability Arbitrary File Read Vulnerability in Newsletter Plugin 1.5 for WordPress Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Uninitialized Memory Access Vulnerability in Apple Safari's WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Same Origin Policy Bypass Vulnerability in WebKit Arbitrary File Reading Vulnerability in Apple Safari's WebKit Same Origin Policy Bypass in Apple Safari WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Domain name spoofing vulnerability in Apple Safari before version 6.0 Information Disclosure Vulnerability in WebKit Drag-and-Drop Handling in Apple Safari Improper URL Canonicalization XSS Vulnerability in Apple Safari CRLF Injection Vulnerability in Apple Safari WebKit Arbitrary File Read Vulnerability in Apple Safari WebKit Keychain Entry Disclosure Vulnerability in Apple Xcode Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary Code Execution and Denial of Service Vulnerability in Apple iTunes WebKit Arbitrary File Reading Vulnerability in Apple Safari Form Autofill Vulnerability in Apple Safari HTTP Request Leakage in Apple Safari Arbitrary Code Execution and Denial of Service Vulnerability in CoreText Keystroke Interception Vulnerability in Apple Mac OS X Login Window and Screen Saver Unlock Arbitrary Code Execution via Embedded Web Plugins in Apple Mac OS X Mail Password Hash Disclosure in Apple Mac OS X Mobile Accounts Improper Authentication in Profile Manager Allows Enumeration of Managed Devices Uninitialized Memory Access Vulnerability in Sorenson Codec USB Hub Descriptor Vulnerability in Apple Mac OS X Improper Host Identification in CFNetwork Allows Information Disclosure MAC Address Leakage Vulnerability in Apple iOS DHCP Component Double Free Vulnerability in ImageIO Allows Remote Code Execution in Apple iOS Buffer Overflow Vulnerability in IPsec Component of Apple iOS Privilege Escalation Vulnerability in Apple iOS Kernel Uninitialized Memory Access Vulnerability in Apple iOS BPF Interpreter Content-ID Header Reuse Vulnerability in Apple iOS Mail before 6 Data Protection Bypass in Apple iOS Mail Attachment Handling Spoofing vulnerability in Apple iOS Mail app allows for S/MIME message sender address manipulation iMessage Reply Address Mismatch Vulnerability Cleartext Document Data Exposure in Apple iOS Office Viewer Passcode Lock Vulnerability in Apple iOS Allows App Exposure via Slide to Power Off FaceTime Call Exploit Allows Bypassing Passcode Lock in Apple iOS Passcode Lock Bypass Vulnerability in Apple iOS Passcode Lock Bypass Vulnerability in Apple iOS Camera-based bypass vulnerability in Apple iOS passcode lock Passcode Lock Bypass Vulnerability in Apple iOS Bypassing Apple ID Authentication via Disable Restrictions Vulnerability Spoofing HTTPS Connections via Unicode Character in Safari TITLE Element Unrestricted Access to System Logs in Apple iOS before 6 SMS Spoofing Vulnerability in Apple iOS Telephony Denial of Service Vulnerability in Apple iOS Cleartext File Content Disclosure in iOS UIWebView Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Race condition vulnerability in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote code execution or denial of service via JavaScript arrays. Kernel Address Disclosure Vulnerability in Apple iOS Extensions APIs Passcode Lock Bypass Vulnerability in Apple iOS Use-after-free vulnerability in Apple QuickTime plugin allows remote code execution or denial of service Buffer Overflow Vulnerability in Apple QuickTime TeXML Parsing Buffer Overflow Vulnerability in Apple QuickTime Plugin Use-after-free vulnerability in Apple QuickTime ActiveX Control allows remote code execution or denial of service Buffer Overflow Vulnerability in Apple QuickTime Buffer Overflow Vulnerability in Apple QuickTime 7.7.3 and Earlier Arbitrary Code Execution and Denial of Service Vulnerability in Apple QuickTime Buffer Overflow in Apple QuickTime TeXML File Parsing Unspecified Denial of Service Vulnerability in Bitcoin Software Arbitrary Web Script Injection in Adiscon LogAnalyzer Search Action Multiple SQL Injection Vulnerabilities in Simple Web Content Management System 1.1 Denial of Service Vulnerability in Pro-face WinGP PC Runtime and Pro-face Pro-Server EX Integer Overflow and Buffer Overflow Vulnerability in Pro-face WinGP PC Runtime and Pro-Server EX Denial of Service Vulnerability in Pro-face WinGP PC Runtime and ProServr.exe Denial of Service Vulnerability in Pro-face WinGP PC Runtime and ProServr.exe Information Disclosure Vulnerability in Pro-face WinGP PC Runtime and Pro-face Pro-Server EX Heap Memory Corruption Vulnerability in Pro-face WinGP PC Runtime and Pro-face Pro-Server EX Janrain Capture Module Vulnerability: Password Generation Input Leakage CSRF Vulnerabilities in Maestro Module for Drupal Allow Authentication Hijacking and XSS Arbitrary Web Script Injection via Group Title in Organic Groups (OG) Module for Drupal Unspecified Remote Commission Reading Vulnerability in Post Affiliate Pro (PAP) Module for Drupal Multiple Cross-Site Scripting (XSS) Vulnerabilities in Kajona before 3.4.2 NULL Pointer Dereference Vulnerability in Samsung Kies Allows for Remote Denial of Service Arbitrary File Execution Vulnerability in Samsung Kies Arbitrary File Modification Vulnerability in Samsung Kies before 2.5.0.12094_27_11 Arbitrary Directory Modification Vulnerability in Samsung Kies Registry Modification Vulnerability in Samsung Kies before 2.5.0.12094_27_11 Arbitrary Code Execution via Unrestricted File Upload in Avaya IP Office Customer Call Reporter Double free vulnerability in Asterisk Open Source versions 1.8.x and 10.x, Certified Asterisk versions 1.8.11-certx, and Asterisk Digiumphones versions 10.x.x-digiumphones allows remote authenticated users to cause a denial of service. Arbitrary PHP Code Execution via Unrestricted File Upload in Font Uploader Plugin for WordPress Buffer Overflow in Sielco Sistemi Winlog Pro and Winlog Lite SCADA Allows Remote Code Execution Denial of Service Vulnerability in WinRadius Server 2009 Denial of Service Vulnerability in ISC BIND DNSSEC Validation Unencrypted Password Vulnerability in Revelation FPM Exporter Stack Consumption Vulnerability in DartWebServer.dll 1.9 and Earlier: Remote Denial of Service (DoS) via Long Request SQL Injection Vulnerabilities in Arial Software Campaign Enterprise Arial Software Campaign Enterprise 11.0.551 - Security Bypass Vulnerability in activate.asp Unauthorized Access to User-Edit.asp Page in Arial Campaign Enterprise before 11.0.551 Clear Text Password Storage in Arial Campaign Enterprise before 11.0.551 Unauthenticated Access to Multiple Pages in Arial Campaign Enterprise before 11.0.551 Integer Overflow Vulnerabilities in Wireshark Dissectors Integer Underflows in Wireshark R3 Dissector Leading to Denial of Service Arbitrary Web Script Injection Vulnerability in Joomla! 2.5.3 Information Disclosure Vulnerability in Joomla! 2.5.3 via Host HTTP Header Arbitrary Script Injection in Decoda Video Directive Arbitrary Script Injection in Decoda's video.php Template Arbitrary Script Injection via decoda/Decoda.php in Decoda before 3.2 Arbitrary Script Injection in Quick.CMS 4.0 Admin Index Page SQL Injection Vulnerability in AlienVault OSSIM 3.1 Cross-Site Scripting (XSS) Vulnerabilities in AlienVault OSSIM 3.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Baby Gekko before 1.2.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Baby Gekko 1.2.0 and Earlier Information Disclosure Vulnerability in Gekko before 1.2.0 SQL Injection Vulnerabilities in MyClientBase 0.12: Remote Code Execution via invoice_number and tags Parameters Cross-Site Scripting (XSS) Vulnerabilities in MyClientBase 0.12 KMPlayer 3.2.0.19 Untrusted Search Path Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in JBMC Software DirectAdmin 1.403 e107 Registration Page XSS Vulnerability vBulletin 4.1.12 XSS Vulnerability in Post Subject Parameter LAN Messenger 1.2.28 Buffer Overflow Denial of Service Vulnerability Arbitrary Web Script Injection via title parameter in PHP-pastebin 2.1 Denial of Service Vulnerability in Invensys Wonderware SuiteLink Multiple Cross-Site Scripting (XSS) Vulnerabilities in Plixer Scrutinizer Unspecified vulnerability in Netsweeper WebAdmin Portal with unknown impact and attack vectors SIP reINVITE Provisional Response Denial of Service Vulnerability Arbitrary File Read Vulnerability in Puppet Server Directory Traversal Vulnerability in Puppet's Store.rb Allows Remote File Deletion Insecure Permissions for last_run_report.yaml in Puppet 2.7.x and Puppet Enterprise before 2.5.2 Improper Restriction of Characters in Certificate Signing Request Common Name Field in Puppet Race condition in ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 leading to denial of service Arbitrary Web Script Injection in REDAXO 4.3.x and 4.4 Open Constructor 3.12.0 - Multiple Cross-Site Scripting (XSS) Vulnerabilities in objects/createobject.php Open Constructor 3.12.0 - Cross-Site Scripting (XSS) Vulnerability in i_hybrid.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in Open Constructor 3.12.0 Multiple SQL Injection Vulnerabilities in Open Constructor 3.12.0 Multiple SQL Injection Vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 Insecure Authentication Implementation in AirDroid 1.0.4 Beta Weak Default Password Configuration in AirDroid 1.0.4 Beta Weak Encryption Algorithm in AirDroid 1.0.4 Beta Allows for Cleartext Data Retrieval Cleartext Base64 Data Transfer Vulnerability in AirDroid Bypassing Multiple-Login Protection in AirDroid 1.0.4 Beta Denial of Service and Memory Corruption Vulnerability in Winamp's in_mod Plugin Heap Memory Corruption Vulnerability in Winamp's in_mod Plugin Denial of Service Vulnerability in Cisco IOS FlexVPN Implementation (Bug ID CSCtz02622) Denial of Service Vulnerability in Cisco IOS 15.0 through 15.3 (Bug ID CSCty89224) Memory Allocation Vulnerability in Cisco IPS 4200 Series Sensors Denial of Service Vulnerability in Cisco IPS 4200 Series Sensors (Bug ID CSCta96144) Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Cisco Identity Services Engine (ISE) 3300 Series Appliances Denial of Service Vulnerability in Cisco VC220 and VC240 Cameras (Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019) Denial of Service Vulnerability in Cisco IOS 15.2 DMVPN Tunnel Implementation (Bug ID CSCtq39602) Denial of Service Vulnerability in Cisco IOS on Cisco 2900 Devices with VWIC2-2MFT-T1/E1 Card in TDM/HDLC Mode (Bug ID CSCub13317) Denial of Service Vulnerability in Cisco ACE Module 3.0 Denial of Service Vulnerability in Cisco IOS SSLVPN Implementation (Bug ID CSCte41827) Denial of Service Vulnerability in Cisco IOS SSLVPN Implementation (Bug ID CSCty97961) Denial of Service Vulnerability in Cisco Unified Presence and Jabber Extensible Communications Platform Remote Code Execution Vulnerability in Cisco WebEx Recording Format (WRF) Player Buffer Overflow Vulnerability in Cisco WebEx Recording Format (WRF) Player Remote Code Execution Vulnerability in Cisco WebEx Recording Format (WRF) Player Buffer Overflow Vulnerability in Cisco WebEx Recording Format (WRF) Player T27 and T28 Buffer Overflow Vulnerability in Cisco WebEx Recording Format (WRF) Player Cisco WebEx Recording Format (WRF) Player Heap-Based Buffer Overflow Vulnerability Opportunistic Bypass of Interface ACL Restrictions in Cisco IOS Denial of Service Vulnerability in Cisco Unified Communications Manager (CUCM) and Cisco IOS Denial of Service Vulnerability in Cisco IOS Intrusion Prevention System (IPS) Default Password Vulnerability in Plixer Scrutinizer Arbitrary Web Script Injection Vulnerability in phpList 2.10.19 Arbitrary SQL Command Execution in phpList Admin Panel Denial of Service Vulnerability in ISC DHCP 4.1.x and 4.2.x Denial of Service Vulnerability in ISC DHCP 4.1.x and 4.2.x MediaStreamGraphThreadRunnable::Run Use-After-Free Vulnerability Heap-based buffer overflow in nsBlockFrame::MarkLineDirty in Mozilla Firefox and Thunderbird before 15.0, Firefox ESR and Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12 allows remote code execution. Use-after-free vulnerability in nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 Use-after-free vulnerability in nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox and Thunderbird before 15.0 allows remote code execution or denial of service Use-after-free vulnerability in mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in RangeData implementation in Mozilla Firefox and Thunderbird Arbitrary Code Execution Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in Mozilla Firefox and Thunderbird before 15.0 allows remote code execution Use-after-free vulnerability in gfxTextRun::GetUserData function in Mozilla Firefox and Thunderbird before 15.0 allows remote code execution or denial of service Arbitrary JavaScript Code Execution via about:newtab in Mozilla Firefox Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey WebGL Implementation Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey WebGL Use-After-Free Remote Code Execution Vulnerability Integer Overflow in nsSVGFEMorphologyElement::Filter Function in Mozilla Firefox and Thunderbird Use-after-free vulnerability in nsTArray_base::Length function in Mozilla Firefox and Thunderbird before 15.0 allows remote code execution or denial of service Arbitrary Code Execution and Memory Corruption in SIL Graphite 2 Heap-based Buffer Over-read Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Remote Code Execution Vulnerability in Mozilla Firefox Debugger Untrusted Search Path Vulnerability in Mozilla Firefox and Thunderbird Installers Information Disclosure Vulnerability in DOMParser Component X.509 Certificate Spoofing Vulnerability in Mozilla Firefox and SeaMonkey Security Bypass in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary Code Execution Vulnerability in Mozilla Firefox for Android Arbitrary JavaScript Code Execution via Web Console in Mozilla Firefox and Thunderbird LDAP Injection Vulnerability in Bugzilla Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Spoofing Page Content via SELECT Element Navigation Vulnerability Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Bypassing Access Restrictions in Mozilla Firefox, Thunderbird, and SeaMonkey Privilege Escalation in Mozilla Firefox for Android's Reader Mode Use-after-free vulnerability in Mozilla Firefox and Thunderbird before 16.0 allows remote code execution Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in IME State Manager implementation in Mozilla Firefox and Thunderbird before 16.0 allows remote code execution Same Origin Policy Bypass in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey XrayWrapper Pollution Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Information Disclosure Vulnerability in TikiWiki CMS/Groupware 8.3 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sticky Notes before 0.2.27052012.5 Multiple SQL Injection Vulnerabilities in Sticky Notes Arbitrary Web Script Injection Vulnerability in Sticky Notes 0.3.09062012.4 and Earlier Arbitrary Code Injection through Cross-Site Scripting (XSS) Vulnerability in FCKeditor Insecure Host Name Verification in mod_pagespeed Module for Apache HTTP Server CSRF Vulnerability in GLPI-PROJECT GLPI before 0.83.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 Arbitrary Code Injection Vulnerability in Sleipnir Mobile Application for Android Improper Handling of Implicit Intents in NHN Japan NAVER LINE Application for Android (CVE-2021-12345) Improper Implementation of WebView Class in GREE and KDDI&GREE Applications for Android Information Disclosure Vulnerability in mixi Application for Android Arbitrary Java Method Execution and Command Injection Vulnerability in Cybozu Live Application for Android Arbitrary JavaScript Code Execution and Information Disclosure in Cybozu Live Android App Address Bar Spoofing Vulnerability in Opera Arbitrary Code Execution and Information Disclosure in Cybozu KUNAI Android Application Arbitrary JavaScript Code Execution and Information Disclosure in Cybozu KUNAI Android Application Arbitrary JavaScript Code Execution and Information Disclosure in Cybozu KUNAI Browser for Remote Service Application Beta for Android Unspecified Denial of Service Vulnerability in McAfee Email Anti-virus myLittleAdmin for SQL Server 2000 XSS Vulnerability Information Disclosure Vulnerability in ATOK Application for Android Improper Implementation of WebView Class in jigbrowser+ Android App Allows Information Disclosure Arbitrary Script Injection in Final Beta Laboratory MyWebSearch (Version 1.23) via Keywords Parameter Arbitrary Web Script Injection Vulnerability in Tokyo BBS CGI Unprivileged Access to User Information in MosP Kintai Kanri Authentication Bypass Vulnerability in MosP Kintai Kanri Remote Code Execution Vulnerability in Pebble Blog System CRLF Injection Vulnerability in Pebble before 2.6.4 Allows HTTP Response Splitting Attacks Stack-based Buffer Overflow in unsquashfs.c in Squashfs 4.2 and Earlier Heap-based buffer overflow in unsquashfs in Squashfs 4.2 and earlier via crafted block_log field in superblock Remote Triggering of False Alerts in Johnson Controls Pegasys P2000 Server Tridium Niagara AX Framework Directory Traversal Vulnerability Credential Data Storage Vulnerability in Tridium Niagara AX Framework Arbitrary Web Script Injection in Chamilo LMS before 1.8.8.6 Arbitrary File Deletion Vulnerability in Chamilo before 1.8.8.6 Directory Traversal Vulnerabilities in Wangkongbao CNS-1000 and 1100's src/acloglogin.php Open Redirect Vulnerability in WebsitePanel Login Page Unspecified Vulnerabilities in Zingiri Web Shop Plugin for WordPress Multiple SQL Injection Vulnerabilities in PBBoard 2.1.4 Arbitrary User Account Password Change Vulnerability in PBBoard 2.1.4 Unrestricted File Upload Vulnerability in PBBoard 2.1.4 Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerabilities in Transmission Web Client Arbitrary Script Injection in Palo Alto Networks Global Protect Portal Heap-based Buffer Overflow Vulnerabilities in Winamp D-Link DCS-932L Camera Firmware 1.02 Password Disclosure Vulnerability Denial of Service Vulnerability in Wireshark PPP Dissector Denial of Service Vulnerability in Wireshark NFS Dissector Unspecified Vulnerabilities in Google Chrome OS with Unknown Impact and Attack Vectors CSRF Vulnerabilities in JAMF Casper Suite Allow Authentication Hijacking Jease 2.9 Multiple Cross-Site Scripting (XSS) Vulnerabilities CSRF Vulnerability in eZOE Flash Player in eZ Publish 4.1-4.6 Buffer Overflow Vulnerability in CPE17 Autorun Killer 1.7.1 and Earlier via Crafted INF File SQL Injection Vulnerability in Uiga Fan Club's index2.php Allows Remote Code Execution via p Parameter SQL Injection Vulnerability in Uiga Personal Portal's index2.php Allows Remote Code Execution via p Parameter Remote Code Execution Vulnerability in Remote-Anything Player 5.60.15 Arbitrary Script Injection via Email Subject in SocketMail Pro 2.2.9 CSRF Vulnerability in SocketMail Pro 2.2.9 Allows Unauthorized User Security Question Modification SQL Injection Vulnerabilities in ASP-Dev XM Forums RC3 SQL Injection Vulnerabilities in ASP-Dev XM Diary: Remote Code Execution XML Signature Transform Denial of Service Vulnerability in Apache Santuario Configuration Improper Binding of External SOAP Messages in Eucalyptus before 3.1.1 Unrestricted Binding of External SOAP Web-Services Messages in Eucalyptus Unauthenticated Deletion and Snapshot Upload Vulnerability in Walrus Internal Message Protocol Denial of Service Vulnerability in Walrus Eucalyptus 3.2.2 Heap-based Buffer Overflow in Citrix Provisioning Services SoapServer Service Insufficient Access Control in Dir2web 3.0 Allows Remote Database Download SQL Injection Vulnerability in Dir2web 3.0: Remote Code Execution via oid Parameter Arbitrary Script Injection in RSGallery2 Comments Module Hardcoded X.509 Certificate Vulnerability in Cisco Unified Computing System (UCS) Unverified X.509 Certificate Vulnerability in Cisco UCS KVM Subsystem Hardcoded Private Key Vulnerability in Cisco UCS BMC Privilege Escalation and Arbitrary Command Execution Vulnerability in Cisco NX-OS Privilege Escalation and Arbitrary Command Execution Vulnerability in Cisco NX-OS Privilege Escalation and Arbitrary Command Execution Vulnerability in Cisco NX-OS Cisco UCS BMC SSH Escape Sequence Authentication Bypass Vulnerability XML API Service Denial of Service Vulnerability in Cisco UCS Denial of Service Vulnerability in Cisco Unified Computing System (UCS) MCServer Privilege Escalation Vulnerability in Cisco Unified Computing System (UCS) Fabric Interconnect Device (Bug ID CSCtg20749) Buffer Overflow Vulnerabilities in Cisco UCS Administrative Web Interface (Bug ID CSCtg20751) Cisco Unified Computing System (UCS) Fabric Interconnect Cross-Site Request Forgery (CSRF) Vulnerability IPMI Username Enumeration Vulnerability in Cisco UCS Blade Management Controller Remote Code Execution Vulnerability in Cisco UCS Fabric Interconnect Setup Script (Bug ID CSCtg20790) Remote Code Execution Vulnerability in Cisco UCS Cluster Setup Script Hardcoded Password Vulnerability in Cisco UCS FTP Server (Bug ID CSCtg20769) Arbitrary BMC Command Execution Vulnerability in Cisco UCS Fabric Interconnect (Bug ID CSCtg76239) Information Disclosure Vulnerability in Cisco NX-OS Management Interface on Nexus 7000 Devices (Bug ID CSCti09089) Denial of Service Vulnerability in Cisco NX-OS RIP Service Engine (Bug ID CSCtj73415) Improper Identity Validation in Cisco UCS Central Software Management Interface (Bug ID CSCtk00683) Denial of Service Vulnerability in Cisco UCS Manager Component (Bug ID CSCtl00186) Buffer Overflow Vulnerability in Cisco UCS Smart Call Home Feature Privilege Escalation and Arbitrary File Access Vulnerability in Cisco UCS Local File Editor Privilege Escalation and Arbitrary File Modification Vulnerability in Cisco UCS BMC BGP Implementation in Cisco NX-OS Denial of Service Vulnerability BGP AS Path Filtering Vulnerability in Cisco NX-OS (Bug ID CSCtn13055) BGP AS Path Filtering Vulnerability in Cisco NX-OS (Bug ID CSCtn13065) Privilege Escalation Vulnerability in Cisco UCS Fabric-Interconnect Component (Bug ID CSCtq02600) Privilege Escalation via Ethanalyzer in Cisco UCS Fabric-Interconnect Component (Bug ID CSCtq02686) Absolute Path Traversal Vulnerability in Cisco UCS Fabric-Interconnect Image-Download Process Fabric-Interconnect Component Denial of Service Vulnerability Privilege Escalation Vulnerability in Cisco UCS Fabric Interconnect (Bug ID CSCtq86477) Privilege Escalation and Arbitrary Command Execution in Cisco UCS Fabric-Interconnect Component (Bug ID CSCtq86489) Privilege Escalation and Command Execution Vulnerability in Cisco UCS Fabric Interconnect (Bug ID CSCtq86554) Privilege Escalation Vulnerability in Cisco UCS Fabric Interconnect Component (Bug ID CSCtq86559) Privilege Escalation via run-script in Cisco UCS Fabric Interconnect (Bug ID CSCtq86560) Privilege Escalation Vulnerability in Cisco UCS Fabric-Interconnect Component (Bug ID CSCtq86563) Privilege Escalation and Arbitrary Command Execution in Cisco UCS Baseboard Management Controller (BMC) (CSCtr43330) Privilege Escalation and Arbitrary File Read Vulnerability in Cisco UCS Fabric-Interconnect Component (Bug ID CSCtr43374) Unencrypted Video Data Vulnerability in Cisco UCS Fabric-Interconnect KVM Module Unencrypted KVM Virtual-Media Data Vulnerability in Cisco UCS Unencrypted KVM Media Traffic Vulnerability in Cisco UCS Fabric-Interconnect Component in Cisco UCS: X.509 Certificate Verification Vulnerability Privilege Escalation and Arbitrary File Access Vulnerabilities in Cisco NX-OS Vulnerability: Local Privilege Escalation and File Manipulation in Cisco NX-OS CLI Parser Directory Traversal Vulnerability in Cisco NX-OS Tar Command Directory Traversal Vulnerability in Cisco NX-OS 6.1(2) and Earlier Fabric Interconnect High-Availability Service Vulnerability Cisco NX-OS CLI Parser Directory Traversal Vulnerability Cross-Site Scripting (XSS) Vulnerability in Opera Versions Before 12.01 Arbitrary File Execution via Opera Download Dialog Window Cross-Site Scripting (XSS) Vulnerability in Opera Versions Before 12.01 Unspecified Vulnerability in Opera: Low Severity Issue Denial of Service Vulnerability in Opera Browser (CVE-2012-1938) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat 9.x and 10.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat on Mac OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat on Mac OS X Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution via Integer Overflow in Adobe Flash Player and Adobe AIR Cross-Domain Content Reading Vulnerability in Adobe Flash Player and Adobe AIR Remote Code Execution Vulnerability in Adobe Photoshop CS6 13.x Adobe Flash Player and Adobe AIR Logic Error Denial of Service Vulnerability Buffer Overflow in Adobe Shockwave Player (pre-11.6.8.638) - Arbitrary Code Execution Buffer Overflow in Adobe Shockwave Player (pre-11.6.8.638) - Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe Shockwave Player (pre-11.6.8.638) Buffer Overflow in Adobe Shockwave Player (pre-11.6.8.638) Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe Shockwave Player Arbitrary Program Execution Vulnerability in Ubisoft Uplay PC Web Browser Plugin Arbitrary SQL Command Execution in Symantec Web Gateway 5.0.3.18 Use-after-free vulnerability in nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 Heap-based buffer overflow in nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox and Thunderbird before 16.0 allows remote code execution Use-after-free vulnerability in nsSMILAnimationController::DoSample function in Mozilla Firefox and Thunderbird before 16.0 allows remote code execution or denial of service Use-after-free vulnerability in nsTextEditRules::WillInsert function in Mozilla Firefox and Thunderbird before 16.0 allows remote code execution or denial of service DOMSVGTests::GetRequiredFeatures Use-after-free Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Chrome Object Wrapper (COW) Vulnerability Buffer Overflow in nsCharTraits::length Function in Mozilla Firefox, Thunderbird, and SeaMonkey Heap-based buffer overflow in nsWaveReader::DecodeAudioData function in Mozilla Firefox and Thunderbird before 16.0 allows remote code execution Insufficient Management of insPos Variable in Mozilla Firefox, Thunderbird, and SeaMonkey Heap-based buffer overflow in Convolve3x3 function in Mozilla Firefox and Thunderbird before 16.0 allows remote code execution Arbitrary Web Script Injection in Bugzilla Tabular Reports Memory Corruption and Arbitrary Code Execution Vulnerability in FreeType Remote Code Execution Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Same Origin Policy Bypass in Mozilla Firefox, Thunderbird, and SeaMonkey Same Origin Policy Bypass in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) and Arbitrary JavaScript Execution Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Same Origin Policy Bypass Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Information Disclosure Vulnerability in Bugzilla Attachment Descriptions Information Disclosure Vulnerability in Bugzilla User.get Method Sensitive Information Disclosure in Bugzilla Custom-Field Visibility Control Cross-Site Scripting (XSS) Vulnerability in evalInSandbox Implementation in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary Code Execution via Crafted GIF Image in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary Code Execution via Bookmarklets in Mozilla Firefox New Tab Page Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Untrusted Search Path Vulnerability in Mozilla Firefox Installer Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Compartment Bypass Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary JavaScript Execution via Crafted Stylesheet in Mozilla Firefox XPCWrappedNative::Mark Use-After-Free Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in nsEditor::FindNextLeafNode function in Mozilla Firefox, Thunderbird, and SeaMonkey before 17.0/2.14 Use-after-free vulnerability in nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 Use-after-free vulnerability in nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 Use-after-free vulnerability in gfxFont::GetFontEntry function in Mozilla Firefox and Thunderbird before 17.0 allows remote code execution or denial of service Use-after-free vulnerability in nsViewManager::ProcessPendingUpdates function in Mozilla Firefox, Thunderbird, and SeaMonkey allows remote attackers to execute arbitrary code or cause a denial of service BuildTextRunsScanner::BreakSink::SetBreaks Use-After-Free Vulnerability Sensitive Information Disclosure in phpMyAdmin 3.5.x before 3.5.2.1 Arbitrary Code Execution and Denial of Service Vulnerability in DIAG Kernel-Mode Driver Integer Overflow in Diagchar_core.c in Qualcomm Diagnostics (DIAG) Kernel-Mode Driver for Android 2.3 through 4.2 Denial of Service Vulnerability in Qualcomm KGSL Kernel-Mode Driver Arbitrary Memory Write Vulnerability in NVIDIA UNIX Graphics Driver Quick Post Widget Plugin 1.9.1 for WordPress - Multiple Cross-Site Scripting (XSS) Vulnerabilities Cross-Site Scripting (XSS) Vulnerability in TinyMCE 3.5.8 BBCode Plugin Arbitrary Web Script Injection Vulnerability in jCore Admin Panel SQL Injection Vulnerability in jCore Admin Panel (admin/index.php) Allows Remote Code Execution Remote Denial of Service Vulnerability in LibreOffice and OpenOffice Arbitrary Web Script Injection in Phorum Control Center Group Moderation Screen Directory Listing Vulnerability in RSGallery2 Component for Joomla! Arbitrary Web Script Injection Vulnerability in Total Shop UK eCommerce Open Source SQL Injection Vulnerabilities in TCExam before 11.3.008: Remote Code Execution Arbitrary Web Script Injection in TCExam's tce_edit_answer.php SQL Injection Vulnerability in Group-Office Community before 4.0.90 via sort parameter in modules/calendar/json.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in Microcart 1.0 MF Gig Calendar Plugin 0.9.2 for WordPress Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in ISC BIND 9.x Unauthenticated Remote Command Execution in GIMP 2.6 Script-Fu Network Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpList before 2.10.19 Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpList 2.10.19 Unrestricted Access to libkindleplugin.so NPAPI Plugin Interface in Amazon Kindle Touch Arbitrary Command Execution Vulnerability in Amazon Kindle Touch (CVE-2012-4248) Remote Code Execution Vulnerability in Samsung NET-i Viewer 1.37 Multiple Cross-Site Scripting (XSS) Vulnerabilities in MySQLDumper 1.24.4 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in MySQLDumper 1.24.4 Directory Traversal Vulnerabilities in MySQLDumper 1.24.4 Sensitive Information Disclosure in MySQLDumper 1.24.4 via Direct Request Information Disclosure Vulnerability in MySQLDumper 1.24.4 Information Disclosure Vulnerability in jNews Component for Joomla! Sensitive Information Disclosure in Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 SQL Injection Vulnerabilities in MYRE Real Estate Software (2012 Q2) Arbitrary Script Injection in XPhone UC Web and XPhone Virtual Directory Multiple SQL Injection Vulnerabilities in myCare2x SQL Injection Vulnerability in myCare2x: Remote Code Execution via lang Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in myCare2x Arbitrary Web Script Injection via HTTP_USER_AGENT Header in Better WP Security Plugin Cross-Site Scripting (XSS) Vulnerabilities in Better WP Security Plugin for WordPress SQL Injection Vulnerability in Proman Xpress 5.0.1: Remote Code Execution via cid Parameter in category_edit.php Cross-Site Scripting (XSS) Vulnerability in Proman Xpress 5.0.1 via cl_comments Parameter Arbitrary Script Injection in Sockso 1.5 and Earlier Arbitrary Web Script Injection via HTTP_ACCEPT_ENCODING Header in BulletProof Security Plugin for WordPress Arbitrary Code Execution via Unrestricted File Upload in eFront 3.6.11 Arbitrary Script Injection via Message Subject Box in eFront 3.6.11 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Bad Behavior WordPress Plugin Cross-Site Scripting (XSS) Vulnerabilities in 2 Click Social Media Buttons Plugin for WordPress Arbitrary Web Script Injection in 2 Click Social Media Buttons Plugin for WordPress Unspecified Remote Code Execution Vulnerability in Hitachi Cobol GUI Option and Cobol GUI Option Server Arbitrary Web Script Injection Vulnerability in Hitachi IT Operations Director Unspecified Denial of Service Vulnerability in Hitachi IT Operations Director Smarty before 3.1.8 Cross-Site Scripting (XSS) Vulnerability in smarty_function_html_options_optoutput Multiple Cross-Site Scripting (XSS) Vulnerabilities in Free Realty 3.1-0.6 Multiple SQL Injection Vulnerabilities in Free Realty 3.1-0.6 Cross-Site Request Forgery (CSRF) Vulnerabilities in Free Realty 3.1-0.6 Multiple SQL Injection Vulnerabilities in Travelon Express 6.2.2 SQL Injection Vulnerability in Trombinoscope 3.5's photo.php Allows Remote Code Execution Login With Ajax Plugin for WordPress XSS Vulnerability Privilege Escalation Vulnerability in Viscosity 1.4.1 on Mac OS X Denial of Service Vulnerability in Wireshark DCP ETSI Dissector Denial of Service Vulnerability in Wireshark 1.8.x Denial of Service Vulnerability in Wireshark MongoDB Dissector Integer Overflow Vulnerability in XTP Dissector in Wireshark Denial of Service via Large Number of AFP ACL Entries in Wireshark Denial of Service Vulnerability in Wireshark CTDB Dissector Denial of Service Vulnerability in Wireshark CIP Dissector Denial of Service Vulnerability in Wireshark STUN Dissector Denial of Service in Wireshark EtherCAT Mailbox Dissector Buffer Overflow in ERF Dissector Allows Remote Code Execution Array Index Error in ERF Dissector in Wireshark 1.8.x before 1.8.2 Buffer Overflow Vulnerability in RTPS2 Dissector in Wireshark Buffer Overflow in Wireshark GSM RLC MAC Dissector Arbitrary Code Execution via Crafted Packet-Trace File in Wireshark 1.8.x Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier Unspecified Confidentiality Vulnerability in Oracle WebCenter Content Component Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier CSRF Vulnerability in PHPJabbers Vacation Rental Script Allows Remote Account Hijacking CSRF Vulnerability in Utopia News Pro (UNP) 1.4.0 and Earlier: Unauthorized Account Addition CSRF Vulnerability in AlstraSoft Site Uptime Enterprise Allows Remote Authentication Hijacking Unspecified Remote Attack Vulnerability in Image News Slider Plugin for WordPress Unspecified vulnerability in vBulletin Suite, Forum, and MAPI Plugin with Unknown Impact and Attack Vectors Remote Denial of Service Vulnerability in Samsung D6000 TV and Other Products Remote Denial of Service Vulnerability in Samsung D6000 TV Unspecified Vulnerabilities in SPIP Before 2.1.13 Information Disclosure Vulnerability in ShareYourCart Plugin 1.7.1 for WordPress Stack-based Buffer Overflow in BackupToAvi Method in Samsung NET-i Viewer ActiveX Controls Arbitrary Code Execution Vulnerability in Samsung NET-i Viewer ActiveX Controls Denial of Service Vulnerability in Samsung NET-i Viewer 1.37.120316 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Flogr 2.5.6 and Earlier Arbitrary Code Execution Vulnerability in Foxit Reader Sybase EAServer Cross-Site Scripting (XSS) Vulnerability Multiple Stack-Based Buffer Overflows in SAP NetWeaver ABAP 7.x msg_server.exe Multiple Cross-Site Scripting (XSS) Vulnerabilities in Gallery 3 before 3.0.4 Arbitrary PHP Code Execution Vulnerabilities in Gallery 3 before 3.0.4 Arbitrary Web Script Injection Vulnerability in Ipswitch WhatsUp Gold 15.02 Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin Database Structure Page Directory Traversal Vulnerabilities in Symantec Messaging Gateway (SMG) 9.5.x Arbitrary Code Execution Vulnerability in Symantec Endpoint Protection Management Console Unquoted Windows Search Path Privilege Escalation Vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 Unquoted Windows Search Path Vulnerabilities in Symantec Enterprise Security Manager (ESM) Privilege Escalation via Integer Overflow in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Stoneware webNetwork 6.1 before SP1 Stack-based Buffer Overflow in Sielco Sistemi Winlog Pro and Winlog Lite SCADA Buffer Overflow Vulnerability in Sielco Sistemi Winlog Pro and Winlog Lite SCADA Buffer Overflow Vulnerability in Sielco Sistemi Winlog Pro and Winlog Lite SCADA Directory Traversal Vulnerabilities in Sielco Sistemi Winlog Pro and Winlog Lite SCADA Remote Code Execution Vulnerability in Sielco Sistemi Winlog Pro and Winlog Lite SCADA Denial of Service and Remote Code Execution Vulnerability in Sielco Sistemi Winlog Pro and Winlog Lite SCADA Unvalidated Return Value in Sielco Sistemi Winlog Pro and Winlog Lite SCADA Arbitrary Web Script Injection Vulnerability in mod_pagespeed Module for Apache HTTP Server Command Injection Vulnerability in HP SAN/iQ Hardcoded Password Vulnerability in HP SAN/iQ Unspecified Remote Code Execution Vulnerabilities in Adobe Reader Predictable Default WPA2-PSK Passphrase Vulnerability in Belkin Wireless Routers Arbitrary Web Script Injection via Nonexistent Image in MediaWiki Cross-Site Scripting (XSS) Vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 Clickjacking vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 Bypassing GlobalBlocking Extension IP Address Blocking in MediaWiki Password Vulnerability in MediaWiki Versions 1.18.5 and 1.19.x User Block Metadata Disclosure Vulnerability SQL Injection Vulnerability in Contao Prior to 2.11.4 Multiple XSS Vulnerabilities in LetoDMS CSRF Vulnerability in LetoDMS 3.3.6 Allows Unauthorized Password Changes Cross-Site Request Forgery (CSRF) Vulnerability in Apache Struts 2.0.0 through 2.3.4 Apache Struts 2.0.0 through 2.3.4 Denial of Service Vulnerability HTTP Response-Splitting Vulnerability in PHP 5.4.0RC2 through 5.4.0 Arbitrary Code Execution via Incomplete Blacklist Vulnerability in ownCloud User Enumeration Vulnerability in ownCloud Apps CSRF Vulnerability in ownCloud Allows Hijacking of Administrator Authentication Authentication Bypass Vulnerability in ownCloud 4.0.7 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in ownCloud before 4.0.6 Arbitrary Web Script Injection Vulnerability in ownCloud before 4.0.5 Arbitrary Script Injection in ownCloud index.php via redirect_url Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in ownCloud before 4.0.2 Cross-Site Scripting (XSS) Vulnerabilities in ownCloud 4.0.1 and Earlier Denial of Service Vulnerability in Linux Kernel's __request_module Function XML External Entity (XXE) Injection Vulnerability in CakePHP 2.1.x and 2.2.x Bypassing Upload-Size Restrictions in Moodle 2.2.x and 2.3.x Course Editing Capability Bypass in Moodle 2.2.x and 2.3.x Arbitrary External-Service Function Execution via Insecure Web-Service Tokens in Moodle Information Disclosure Vulnerability in Moodle 2.3.x Improper Handling of Virtual Group Names in MoinMoin 1.9 through 1.9.4 Integer Underflows in icmLut_allocate Function in ICC Format Library: Remote Code Execution and Denial of Service Vulnerability Arbitrary Code Execution Vulnerability in OpenStack Object Storage (Swift) Information Disclosure Vulnerability in Moodle Blog File Publication State Bypassing Access Restrictions via Reset Operation in Moodle Arbitrary Code Execution via Crafted Header in mcrypt 2.6.8 and Earlier Xen Graphical Console Information Disclosure Vulnerability Heap-based Buffer Overflow in GNU C Library (glibc) 2.17 and Earlier Token Invalidation Vulnerability in OpenStack Keystone 2012.1.3 Multiple SQL Injection Vulnerabilities in Replication Code in Oracle MySQL and MariaDB Stack-based Buffer Overflow in libguac Allows Remote Code Execution Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise confidentiality and integrity Symlink Attack Vulnerability in GlusterFS 3.3.0 XML Signature Wrapping Vulnerability in Apache Axis2 Denial of Service Vulnerability in Tor's compare_tor_addr_to_addr_policy Function Information Disclosure Vulnerability in Java SE 7 Unauthenticated Remote Post Publishing Vulnerability in WordPress Unintended Plugin Changes via Network-Wide Activation in WordPress Multisite Remote Denial of Service Vulnerability in libvirt Stack-based Buffer Overflow in GNU C Library (glibc) Allows for Denial of Service or Arbitrary Code Execution Privilege Escalation via DBUS_SYSTEM_BUS_ADDRESS Environment Variable in libgio Format string vulnerabilities in mcrypt 2.6.8 and earlier: User-assisted remote code execution and denial of service Arbitrary Extension Download and Installation Vulnerability in GNOME Shell Plugin 3.4.1 DoS Vulnerability in SLPIntersectStringList() Function in openslp Clipboard Activity Leakage in Vino 2.28, 2.32, 3.4.2, and Earlier Improper ACL Enforcement in Bacula Allows Unauthorized Resource Dump Access Bypassing CSRF Protection in Apache Tomcat 6.x and 7.x Use-after-free vulnerability in OptiPNG allows remote code execution via palette reduction vectors Heap-based Buffer Overflow in GEGL's PPM Image Loading Remote Code Execution and Denial of Service Vulnerability in fwknop before 2.0.3 IP Address Validation Bypass in fwknop before 2.0.3 Buffer Overflow Vulnerability in fwknop Allows for Denial of Service and Possible Code Execution SmartyException Class XSS Vulnerability Arbitrary Code Execution Vulnerability in Jenkins Main and LTS Versions Arbitrary Web Script Injection in Jenkins Main Before 1.482 and LTS Before 1.466.2 Arbitrary Web Script Injection in Jenkins Violations Plugin Arbitrary Web Script Injection in Jenkins CI Game Plugin Race Condition Exploit: Privilege Escalation in Monkey HTTP Daemon 0.9.3 Privilege Escalation via Monkey HTTP Daemon 0.9.3 CGI Script Execution IPv6 Fragment Overlapping Vulnerability Heap-based Buffer Overflow in EAP Server TLS Fragment Processing Authentication Bypass Vulnerability in Apache Qpid 0.20 and Earlier Heap-based Buffer Overflow in LibTIFF Allows Remote Code Execution via Crafted TIFF Image CSRF vulnerability in WordPress 3.4.2 allows hijacking of administrator authentication via RSS URL modification Weak Secret Key Generation in Apache Hadoop with Kerberos Security ACL Bypass Vulnerability in 389 Directory Server 1.2.10 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Zend Framework 2.0.x Privilege Bypass Vulnerability in MySQL 5.0.88 and Other Versions World-readable permissions in dracut.sh vulnerability World-writable file vulnerability in openCryptoki before 2.4.1 World-writable permissions vulnerability in openCryptoki 2.4.1 via symlink attack OpenStack Keystone Vulnerability: Unauthorized Access to User Roles and Services Authorization Bypass Vulnerability in OpenStack Keystone AMQP Type Decoder Denial of Service Vulnerability Denial of Service via Integer Overflow in Apache Qpid Denial of Service Vulnerability in Apache Qpid 0.20 and Earlier Denial of Service Vulnerability in Linux Kernel's KVM Subsystem Denial of Service Vulnerability in Condor's Aviary/Jobcontrol.py Arbitrary Command Execution in Midnight Commander (mc) 4.8.5 Vulnerability: Tainted String Modification in Ruby 1.9.3 and 2.0 Heap-based Buffer Overflow in cgit's substr Function Allows Remote Code Execution Vulnerability: Tainted String Modification in Ruby 1.8.7, 1.9.3, and 2.0 Incorrect Argument Order in do_siocgstamp and do_siocgstampns Functions in Linux Kernel Privatemsg Module XSS Vulnerability Arbitrary Web Script Injection Vulnerability in Hashcash Module for Drupal Improper Permission Check in Listhandler Module for Drupal Allows Remote Comment Authors to Bypass Access Restrictions Unrestricted Access and Manipulation of Search Autocomplete in Drupal Arbitrary PHP Code Execution via Unrestricted File Upload in Drag & Drop Gallery Module for Drupal Unpublished Node Access Vulnerability in Restrict Node Page View Module for Drupal Colorbox Node Module XSS Vulnerabilities Arbitrary User Question and Answer Editing Vulnerability in Drupal Security Questions Module Cross-Site Scripting (XSS) Vulnerability in Drupal Drag & Drop Gallery Module 6.x Unspecified Remote Access Bypass Vulnerability in Drag & Drop Gallery Module for Drupal 6.x CSRF Vulnerability in Drag & Drop Gallery Module for Drupal Allows Administrator Authentication Hijacking SQL Injection Vulnerability in Drag & Drop Gallery Module for Drupal 6.x Insecure File Permissions: World-Writable PID Files in /var/run Incomplete Fix for CVE-2011-1005 Allows Context-Dependent String Modification in Ruby 1.8.7 Unverified Payment Notification Vulnerability in Ubercart SecureTrading Payment Method Module for Drupal Improper Access Restrictions in Drupal Commons Module Cross-site scripting (XSS) vulnerability in Campaign Monitor module for Drupal administrative interface Cross-Site Scripting (XSS) Vulnerabilities in Gallery Formatter Module for Drupal CSRF Vulnerability in Subuser Module for Drupal Allows User Hijacking Improper Permission Check in Subuser Module Allows Role Manipulation Improper Access Control in Drupal Location Module Open Redirect Vulnerability in Secure Login Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Excluded Users Module for Drupal Unrestricted Access to Restricted Nodes in Monthly Archive by Node Type Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Shorten URLs Module for Drupal Arbitrary Code Injection in Better Revisions Drupal Module Shibboleth Authentication Module 7.x-4.0 for Drupal User Bypass Vulnerability Arbitrary File Attachment Vulnerability in Mime Mail Module for Drupal Arbitrary Script Injection Vulnerability in Custom Publishing Options Module for Drupal Arbitrary Code Injection in Elegant Theme's 3 Slide Gallery Module for Drupal Access Restriction Bypass in Activism Module for Drupal Email Address Disclosure Vulnerability in Drupal Email Field Module Vulnerability in Announcements Module Allows Bypass of Node Access Restrictions Arbitrary API Call Vulnerability in Citrix CloudStack and Apache CloudStack Integer overflows in pktlength.c in Chrony before 1.29 leading to denial of service Information Disclosure Vulnerability in Chrony Stack-based Buffer Overflow in libproxy's url::get_pac Function Heap-based Buffer Overflow in px_pac_reload function in libproxy Arbitrary Repository Creation Vulnerability in Gitolite 3.x Remote Denial of Service Vulnerability in Claws Mail 3.8.1 Uninitialized Extent Race Condition Vulnerability in Linux Kernel User-assisted Remote File Access in cups-pk-helper Automatic Connection to Flickr in libsocialweb Allows MITM Attack to Obtain Sensitive Information Denial of Service and Memory Read Vulnerability in Konqueror's CSS Parser Heap-based Buffer Over-read in Konqueror in KDE 4.7.3 NULL pointer dereference vulnerability in rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 Use-after-free vulnerability in Konqueror allows remote attackers to execute arbitrary code Unspecified Port Vulnerability in librdmacm 1.0.16 Denial of Service in ibacm before 1.0.6 via Crafted Join Response World-writable file vulnerability in ibacm 1.0.7 Cross-Site Scripting (XSS) Vulnerability in Zenphoto before 1.4.3.4 admin-news-articles.php date parameter Arbitrary URL Generation Vulnerability in Django HttpRequest.get_host Function NUL Byte File Path Vulnerability in Ruby 1.9.3 and 2.0.0 Certificate Verification Bypass in radsecproxy before 1.6.1 Security Bypass Vulnerability in xlockmore's 'dclock' Component Piwigo Password.php XSS Vulnerability Incomplete Fix for XSS Vulnerability in piwigo's password.php (CVE-2012-4525) Stack-based Buffer Overflow in mcrypt 2.6.8 and Earlier: Remote Code Execution and Denial of Service Vulnerability Bypassing Rules and Delivering Arbitrary POST Data in mod_security2 for Apache HTTP Server Session ID Exposure via Response.encodeURL Method in Red Hat JBoss Web Kernel Stack Memory Disclosure Vulnerability Arbitrary Web Script Injection Vulnerability in Joomla! 2.5.x before 2.5.7 Arbitrary Script Injection in Joomla! Language Switcher Module Cross-site scripting (XSS) vulnerability in ViewVC allows remote authenticated users to inject arbitrary web script or HTML via extra details in DiffSource._get_row function Denial of Service Vulnerability in Apache Tomcat NIO Connector Denial of Service Vulnerability in Xen Hypervisor Denial of Service Vulnerability in Xen 2.2 via Crafted pirq Value Memory mapping failure DoS vulnerability in Xen 3.4 through 4.2 Denial of Service Vulnerability in Xen 4.0, 4.1, and 4.2 via HVMOP_pagetable_dying Hypercall Grant Table Hypercall Infinite Loop DoS Vulnerability in Xen 4.0 through 4.2 Off-by-one error in IcedTea-Web allows remote code execution and denial of service Piwik 1.9 XSS Vulnerability Improper Authorization of SCSI Commands in Linux Kernel Cross-Site Scripting (XSS) Vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 Unvalidated Size Vulnerability in Xen PV Domain Builder HTTP Negotiate Authentication Vulnerability in ELinks 0.12 Inconsistent Certificate Revocation Lists (CRLs) in Red Hat Enterprise Linux 6 Identity Management Replicas Unspecified Vulnerability in AWStats before 7.1 with Unknown Impact and Attack Vectors Argument Injection Vulnerability in cgit's syntax-highlighting.sh Bypassing Access Restrictions in JBoss EAP's AuthorizationInterceptor Role-based authorization bypass in JBoss EAP before 6.0.1 Libunity-webapps Use-After-Free Vulnerability Stack-based Buffer Overflow in PLIB 1.8.5's ssgParser.cxx Error Function Remote Code Execution and Information Disclosure Vulnerability in Drupal 7.x before 7.16 Arbitrary File Read Vulnerability in Drupal 7.x OpenID Module Denial of Service Vulnerability in Red Hat Certificate System Denial of Service Vulnerability in Red Hat Certificate System Denial of Service Vulnerability in Apache HTTP Server's mod_proxy_ajp Module Apache HTTP Server mod_proxy_balancer.c XSS Vulnerabilities Multiple Double Free Vulnerabilities in libssh before 0.5.3 Buffer Overflow Vulnerabilities in libssh 0.5.3 and Earlier Denial of Service Vulnerability in libssh 0.5.3 and Earlier Integer Overflow Vulnerabilities in libssh Unspecified Cross-Site Scripting (XSS) Vulnerability in Google Web Toolkit (GWT) 2.4 Beta and Release Candidates Heap-based Buffer Overflow in ppm2tiff Allows for Remote Code Execution Denial of Service Vulnerability in Linux Kernel TCP Illinois Congestion Control Improper Certificate Verification in radsecproxy before 1.6.2 Cross-Site Scripting (XSS) Vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 Cross-Site Request Forgery (CSRF) Vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 Arbitrary Web Script Injection in LetoDMS (formerly MyDMS) before 3.3.9 SQL Injection Vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 Insecure Initialization of Cipher in Python Keyring 0.9.1 Allows Password Extraction via Brute-Force Attack Authorization Bypass Vulnerability in Red Hat JBoss EAP and JBoss Portal Arbitrary Image Deletion Vulnerability in OpenStack Glance API World-readable permissions for pulp.conf in Red Hat CloudForms before 1.1 allow local users to read administrative password Denial of Service Vulnerability in pgbouncer Pooler 1.5.2 Local Privilege Escalation Vulnerability in FreeBSD Hardcoded Root Password Vulnerability in Korenix Jetport 5600 and ORing Industrial DIN-Rail Serial-Device Servers Weak Master Key Vulnerability in geli Encryption Provider on FreeBSD 10 Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 Arbitrary Web Script Injection Vulnerability in McAfee Email and Web Security (EWS) and McAfee Email Gateway (MEG) Session Hijacking Vulnerability in McAfee Email and Web Security (EWS) and McAfee Email Gateway (MEG) Arbitrary Password Reset Vulnerability in McAfee Email and Web Security (EWS) and McAfee Email Gateway (MEG) Session Token Exposure in McAfee Email and Web Security (EWS) and Email Gateway (MEG) Improper Encryption of System-Backup Data in McAfee Email and Web Security (EWS) and McAfee Email Gateway (MEG) Arbitrary File Read Vulnerability in McAfee Email and Web Security (EWS) and McAfee Email Gateway (MEG) Privilege Escalation Vulnerability in McAfee Email and Web Security (EWS) and McAfee Email Gateway (MEG) Improper Dependency on DNS SRV Records in McAfee EMM Agent and Server Denial of Service Vulnerability in McAfee Enterprise Mobility Manager (EMM) Agent and Server Unspecified Form Fields in Login.aspx in McAfee EMM Portal before 10.0 Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in McAfee Enterprise Mobility Manager (EMM) Portal Information Disclosure Vulnerability in McAfee Enterprise Mobility Manager (EMM) Portal Insecure Session Cookie Handling in McAfee Enterprise Mobility Manager (EMM) Authentication Bypass Vulnerability in McAfee Application Control and Change Control Arbitrary Reporting Panel Access Vulnerability in McAfee ePolicy Orchestrator (ePO) 4.6.1 and Earlier Authentication Bypass Vulnerability in McAfee Email and Web Security (EWS) and McAfee Email Gateway (MEG) Arbitrary File Download Vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 Arbitrary Web Script Injection Vulnerability in McAfee Email and Web Security (EWS) and McAfee Email Gateway (MEG) Arbitrary Code Execution and Denial of Service Vulnerability in McAfee Virtual Technician Unauthenticated Remote Code Execution in McAfee SmartFilter Administration Arbitrary web script injection vulnerability in OTRS Help Desk SQL Injection Vulnerabilities in Nicola Asuni TCExam Arbitrary Web Script Injection in Nicola Asuni TCExam before 11.3.009 Arbitrary Code Execution Vulnerability in Citrix XenApp and Receiver for Windows Authentication Bypass Vulnerability in TRITON Management Console Weak SSL Ciphers Enabled in Websense Email Security SMTP Component Local Privilege Escalation Vulnerability in Citrix XenServer Remote Code Execution Vulnerability in EMC NetWorker CSRF Vulnerability in EMC RSA NetWitness Informer Clickjacking Vulnerability in EMC RSA NetWitness Informer Cleartext Storage of Server Root Password in EMC Avamar Client for VMware 6.1 Unspecified Cross-Site Scripting (XSS) Vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 Arbitrary Web Script Injection Vulnerability in EMC RSA Data Protection Manager Appliance and Software Server Authentication Bypass Vulnerability in EMC RSA Data Protection Manager Appliance Unauthenticated Database Access in EMC Smarts Network Configuration Manager (NCM) Hardcoded Encryption Key Vulnerability in EMC Smarts Network Configuration Manager (NCM) Arbitrary File Read Vulnerability in EMC Data Protection Advisor Web UI Denial of Service Vulnerability in Cisco IOS BGP Implementation Denial of Service Vulnerability in Cisco IOS SIP ALG Feature (Bug ID CSCtn76183) Denial of Service Vulnerability in Cisco IOS NAT Implementation (Bug ID CSCtr46123) Denial of Service Vulnerability in Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 Series Routers Denial of Service Vulnerability in Cisco IOS 15.0 through 15.2 (Bug ID CSCty96049) Denial of Service Vulnerability in Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E Series Switches with Supervisor Engine 7L-E Card (Bug ID CSCty88456) Denial of Service Vulnerability in Cisco IOS DHCPv6 Server (CSCto57723) Denial of Service Vulnerability in Cisco ASA-CX and Prime Security Manager Denial of Service Vulnerability in Cisco IOS (Bug ID CSCto00318) Denial of Service vulnerability in Cisco ASA and ASASM devices (CSCtw84068) Denial of Service Vulnerability in Cisco IOS with ScanSafe Enabled (CSCub85451) Arbitrary Code Execution Vulnerability in Cisco Secure Desktop WebLaunch Feature Denial of Service Vulnerability in Cisco IOS ios-authproxy Implementation Denial of Service Vulnerability in Cisco ASA and ASASM Devices (CSCtz04566) Denial of Service Vulnerability in Cisco ASA and ASASM Devices (CSCtr63728) Stack-based Buffer Overflow in Cisco ASA and ASASM Devices Denial of Service Vulnerability in Cisco ASA and FWSM Devices via Crafted DCERPC Packet Denial of Service Vulnerability in Cisco ASA and FWSM Devices via Crafted DCERPC Packet Multiple Cross-Site Scripting (XSS) Vulnerabilities in SquidClamav 5.x before 5.8 Arbitrary Web Script Injection via Email Signature in Roundcube Webmail 0.8.1 and Earlier XMPP Server Dialback Response Spoofing Vulnerability Domain Spoofing Vulnerability in Tigase XMPP Server XMPP Server Dialback Response Spoofing Vulnerability Unverified Request Vulnerability in Apple iChat Server Allows Domain Spoofing SQL Injection Vulnerability in NeoInvoice's invoice.php Controller Information Disclosure Vulnerability in PluXml before 5.1.6 PluXml 5.1.6 File Update Cross-Site Scripting (XSS) Vulnerability Arbitrary File Deletion Vulnerability in Tunnelblick 3.3beta20 and Earlier Privilege Escalation via Crafted Info.plist File in Tunnelblick 3.3beta20 and Earlier Denial of Service Vulnerability in Munin 2.0 rc4's munin-cgi-graph Arbitrary Script Injection in Newscoop Admin Login XML Server Directory Traversal Vulnerability in IOServer Java Runtime Environment (JRE) Remote Code Execution Vulnerability Unspecified Denial of Service Vulnerability in bitcoind and Bitcoin-Qt Unspecified Denial of Service Vulnerability in bitcoind and Bitcoin-Qt Denial of Service Vulnerability in Bitcoin Alert Functionality Arbor Networks Peakflow SP XSS Vulnerability SQL Injection Vulnerability in announcement.php in vBulletin 4.1.10 Insufficient Entropy in Post Oak AWAM Bluetooth Reader Traffic System's Private Keys Authentication Bypass Vulnerability in i-GEN opLYNX Central Application Integer Overflow Vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY Denial of Service Vulnerability in Rockwell Automation Allen-Bradley Controllers Siemens Automation License Manager (ALM) Memory Leak Vulnerability Weak Encryption Algorithm in Invensys Wonderware InTouch and Siemens ProcessSuite Insufficient Entropy in Moxa EDR-G903 Series Routers Denial of Service Vulnerability in Rockwell Automation RSLinx Enterprise CPR9-SR6 Local Privilege Escalation via Buffer Overflow in Beijer ADP and H-Designer Hardcoded Account Vulnerability in TURCK BL20 and BL67 Programmable Gateways Hardcoded Private Keys in Siemens RuggedCom Rugged Operating System (ROS) Enable Man-in-the-Middle Attacks Buffer Overflow Vulnerabilities in IntegraXor SCADA Server ActiveX Control Tridium Niagara AX Directory Traversal Vulnerability Hardcoded Root Password Vulnerability in 360 Systems Maxx, Image Server Maxx, and Image Server 2000 Denial of Service Vulnerability in Emerson DeltaV SE3006, DeltaV VE3005, and DeltaV VE3006 Remote Code Execution Vulnerability in 3S CODESYS Gateway-Server Arbitrary Code Execution via Directory Traversal in 3S CODESYS Gateway-Server Denial of Service Vulnerability in 3S CODESYS Gateway-Server Arbitrary Code Execution Vulnerability in 3S CODESYS Gateway-Server Remote Code Execution Vulnerability in 3S CODESYS Gateway-Server XML External Entity (XXE) Vulnerability in Invensys Wonderware InTouch HMI 2012 R2 and Earlier XML External Entity (XXE) Vulnerability in Invensys Wonderware Win-XML Exporter 1522.148.0.0 Remote Code Execution Vulnerability in WellinTech KingView Hardcoded Account Vulnerability in Moxa EDR-G903 Series Routers Integer Signedness Error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9-SR1 to CPR9-SR6: Denial of Service via Negative Integer Value Integer Overflow Vulnerability in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9-SR1 to CPR9-SR6 Buffer Overflow Vulnerability in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9-SR6 Shared SSH and HTTPS Private Keys in N-Tron 702-W Industrial Wireless Access Point Devices Denial of Service Vulnerability in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and Earlier Denial of Service Vulnerability in Wing FTP Server 4.1.1 Arbitrary Email Header Injection Vulnerability in Request Tracker (RT) 3.8.x and 4.0.x Arbitrary Article Creation Vulnerability in RTFM (Request Tracker) before 2.4.5 CSRF Vulnerability in Request Tracker (RT) Allows Authentication Hijacking Unauthenticated Remote Ticket Deletion in Request Tracker (RT) 4.x before 4.0.13 CSRF Bypass Vulnerability in Request Tracker (RT) 3.8.x and 4.0.x Bypassing Access Restrictions and Data Exfiltration via exFAT USB Drives in Sophos SafeGuard Enterprise 6.0 ACL Bypass Vulnerability in Asterisk Open Source and Certified Asterisk Multiple Cross-Site Scripting (XSS) Vulnerabilities in Barracuda SSL VPN Arbitrary Web Script Injection in PacketFence Captive Portal User Identity Spoofing in PacketFence RADIUS Extension Arbitrary Code Execution Vulnerability in PacketFence Web Node Register Function SQL Injection Vulnerabilities in Siche Search Module 0.5 for Zeroboard Arbitrary Web Script Injection Vulnerability in Siche Search Module 0.5 for Zeroboard Acuity CMS 2.6.2 Admin Login Cross-Site Scripting (XSS) Vulnerability CSRF Vulnerability in ZTE ZXDSL 831IIV7.5.0a_Z29_OV Allows Remote Password Hijacking Insufficient Access Control in Bugzilla Allows Unauthorized Access to Sensitive Information Code Execution Vulnerability in Ezhometech EzServer 7.0 via AMF Requests Arbitrary Script Injection Vulnerability in OTRS Help Desk Unrestricted Access to AppConfigurations in ownCloud before 4.0.6 Cross-Site Request Forgery (CSRF) Vulnerabilities in ownCloud before 4.0.5 Untrusted Search Path Vulnerabilities in MindManager 2012 10.0.493 Untrusted Search Path Vulnerability in SciTools Understand before 2.6 Build 600 Untrusted Search Path Vulnerabilities in CyberLink LabelPrint 2.5.3602 Untrusted Search Path Vulnerabilities in CyberLink StreamAuthor 4.0 Build 3308 Untrusted Search Path Vulnerabilities in CyberLink PowerProducer 5.5.3.2325 Untrusted Search Path Vulnerability in Facebook Plugin in Foxit Reader 5.3.1.0606 Privilege Escalation Vulnerability in Safend Data Protector Agent 3.4.5586.9772 Unquoted Service Binary Privilege Escalation Vulnerability in Safend Data Protector Agent 3.4.5586.9772 Vulnerability in Safend Data Protector Agent Allows Unauthorized Access and Modification of Security Policies Arbitrary Script Injection in Download Monitor Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Subrion CMS before 2.2.3 SQL Injection Vulnerability in Subrion CMS Register Page CSRF Vulnerabilities in Subrion CMS 2.2.3 and Earlier Allow Remote Authentication Hijacking Windows Memory Copy Vulnerability CTreeNode Use After Free Vulnerability in Microsoft Internet Explorer 9 Web Proxy Auto-Discovery (WPAD) Remote Code Execution Vulnerability WPF Reflection Optimization Vulnerability InjectHTMLStream Use After Free Vulnerability in Microsoft Internet Explorer 6-10 CMarkup Use After Free Vulnerability in Microsoft Internet Explorer 9 and 10 TrueType Font Parsing Vulnerability Improper Ref Counting Use After Free Vulnerability in Microsoft Internet Explorer 9 and 10 Exchange Server RSS Feed DoS Vulnerability Remote Code Execution Vulnerability in Microsoft Internet Explorer 6-8 Bypassing Access Restrictions in IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 NFSv4 Client Implementation Denial of Service Vulnerability in IBM AIX and VIOS Arbitrary File Viewing Vulnerability in IBM InfoSphere Information Server Arbitrary Web Script Injection Vulnerability in IBM InfoSphere Information Server Insecure Use of java.lang.reflect.Method Invoke() Method Vulnerability Unspecified Remote Code Execution Vulnerabilities in IBM Java and Other Products Unspecified Remote Code Execution Vulnerabilities in IBM Java and Other Products Arbitrary Code Execution Vulnerability in IBM Java and Other Products Open Redirect Vulnerability in IBM Lotus Notes Traveler 8.5.3 Cross-Site Scripting (XSS) Vulnerabilities in IBM Lotus Notes Traveler Stack-based Buffer Overflow in IBM DB2 SQL/PSM Stored Procedure Infrastructure Insecure Default X.509 Certificate Authentication in IBM XIV Storage System Gen3 Unspecified Remote Data Disclosure Vulnerability in IBM WebSphere Commerce Lack of Autocomplete Attribute in IBM InfoSphere Information Server and Business Glossary Login Page Arbitrary Process Killing Vulnerability in IBM AIX and VIOS Arbitrary File Read Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection Vulnerability in IBM Cognos Business Intelligence IBM Cognos Business Intelligence (BI) Multiple Versions Cross-Site Scripting (XSS) Vulnerability XPath Injection Vulnerability in IBM Cognos Business Intelligence Information Disclosure Vulnerability in IBM Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) Phishing Vulnerability in IBM Rational ClearQuest Web Client XPath Injection Vulnerability in IBM Cognos Business Intelligence Unspecified Denial of Service Vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 Arbitrary Redirect Vulnerability in IBM Lotus Domino 8.5.x through 8.5.3 Arbitrary Web Script Injection Vulnerability in IBM Lotus Domino 8.5.x through 8.5.3 Privilege Escalation in IBM AIX and VIOS FTP Client Missing HTTPOnly Flag in Lotus Notes 8.5.x Set-Cookie Header Vulnerability Denial of Service Vulnerability in IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 Cross-Site Scripting (XSS) Vulnerabilities in IBM Lotus Foundations Start 1.2.2c Privilege Escalation Vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile Arbitrary Web Script Injection Vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile CSRF Vulnerability in IBM WebSphere Application Server Unspecified Denial of Service Vulnerability in IBM WebSphere Commerce Remote Code Execution Vulnerability in IBM Power 5 Service Processor Remote Code Execution Vulnerability in IBM Informix 11.50 and 11.70 Arbitrary Command Execution Vulnerability in IBM Cognos Business Intelligence Unspecified Local File System Object Manipulation Vulnerability in IBM Tivoli Storage Manager for Space Management Directory Listing Vulnerability in InfoSphere Data Replication Dashboard Insecure Storage of SSL Certificate Password in IBM Rational Developer for System z Critical DoS Vulnerability in IBM WebSphere MQ 7.1 and 7.5 Queue Manager Remote Code Execution and Denial of Service Vulnerability in Oreans WinLicense 2.1.8.0 Buffer Overflow Vulnerability in Oreans Themida 2.1.8.0 via Crafted .TMD File Xtreme RAT 3.5 Untrusted Search Path Vulnerability Arbitrary File Read Vulnerability in vtiger CRM 5.1.0 Arbitrary SQL Command Execution Vulnerability in Kunena Component 1.7.2 for Joomla! Arbitrary Command Execution in FreePBX 2.9 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in FreePBX 2.9 and Earlier Arbitrary Web Script Injection via gtitle Parameter in LiteSpeed Web Server 4.1.11 Kayako Fusion Tickets/Submit Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection in GNUBoard's file_download Function Unspecified Image Upload Vulnerability in Another WordPress Classifieds Plugin Heap-based Buffer Overflow in Ghostscript 9.04 via Long File Name in PostScript Document Remote Code Execution Vulnerability in TRENDnet SecurView TV-IP121WN Wireless Internet Camera CSRF Vulnerability in FlatnuX CMS 2011 08.09.2 and Earlier: Unauthorized User Account Addition Absolute Path Traversal Vulnerability in FlatnuX CMS 2011 08.09.2 Default Password Vulnerability on WAGO I/O System 758 Model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) Devices Untrusted Search Path Vulnerabilities in DVD Architect Pro and DVD Architect Studio Untrusted Search Path Vulnerability in moviEZ HD 1.0 Build 2554-29894-A Untrusted Search Path Vulnerabilities in 3D XML Player 6.212.13.12076 Untrusted Search Path Vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 Arbitrary File Creation Vulnerability in Request Tracker (RT) 3.8.x and 4.0.x Denial of Service Vulnerability in MediaWiki Wikitext Parser Remote Code Execution Vulnerability in Kingsoft WPS Office 2012 (possibly 8.1.0.3238) via Stack-based Buffer Overflow in wpsio.dll Cross-Site Scripting (XSS) Vulnerabilities in ManageEngine Firewall Analyzer 7.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in FlatnuX CMS 2011 08.09.2 and Earlier Cross-site scripting (XSS) vulnerability in ManageEngine Firewall Analyzer 7.2 in fw/index2.do Multiple Cross-Site Scripting (XSS) Vulnerabilities in FlatnuX CMS 2012-03.08 and Earlier Cross-Site Request Forgery (CSRF) Vulnerabilities in Webmin 1.590 and Earlier Arbitrary Code Execution and Memory Corruption Vulnerability in Google SketchUp Heap-based Buffer Overflow in SumatraPDF Allows Remote Code Execution via Crafted PDF Document Heap-based Buffer Overflow in SumatraPDF Allows Remote Code Execution via Crafted PDF Document Untrusted Search Path Vulnerability in VMware Movie Decoder Installer Insufficient Entropy in SSH Keys on Tropos Wireless Mesh Routers Weak Password-Hashing Algorithm in WellinTech KingView 6.5.3 and Earlier Allows Credential Discovery DoS Vulnerability in Corel WordPerfect Office X6 16.0.0.388 via Untrusted Pointer Dereference Arbitrary Code Injection via themes_editor Parameter in Template CMS 2.1.1 and Earlier Cross-Site Request Forgery (CSRF) Vulnerabilities in Template CMS 2.1.1 and Earlier Improper Access Restriction in Google Chrome for Android (CVE-2012-4907) Universal Cross-Site Scripting (UXSS) Vulnerability in Google Chrome for Android Universal XSS (UXSS) vulnerability in Google Chrome for Android Improper Access Restriction in Google Chrome for Android (CVE-2012-4904) Unrestricted Access to Android APIs in Google Chrome for Android (CVE-2012-2854) Symlink Vulnerability in Google Chrome for Android Allows Unauthorized Access to Local Files Cookie Information Disclosure Vulnerability in Google Chrome for Android Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess component allows remote code injection via crafted HTML e-mail signature Remote Code Execution Vulnerability in CoolPDF 3.0.2.256 via Crafted PDF Stream Google Doc Embedder Plugin for WordPress Directory Traversal Vulnerability Cleartext Credential Vulnerability in TripAdvisor iOS App 6.6 Insecure SSL Certificate Validation in Call of Duty Elite for iOS 2.0.1 Remote File Include Vulnerability in Gallery Plugin 1.4 for WordPress Directory Traversal Vulnerability in Zingiri Forum Plugin for WordPress CSRF and XSS Vulnerabilities in DVS Custom Notification Plugin for WordPress Denial of Service Vulnerability in tor_timegm Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in Endian Firewall 2.4 Buffer Overflow in CxDbgPrint Function in ASUS Net4Switch ActiveX Component SQL Injection Vulnerabilities in Img Pals Photo Host 1.0's approve.php Unauthenticated Remote Activation Control in Img Pals Photo Host 1.0 SQL Injection Vulnerability in Limesurvey (PHPSurveyor) Allows Remote Code Execution Arbitrary Script Injection in Oxwall 1.1.1 via ow_updates/index.php Plugin Parameter CRIME Attack: Exploiting TLS Compression Vulnerability CRIME Attack: Exploiting Insecure Compression in SPDY Protocol Multiple Cross-Site Scripting (XSS) Vulnerabilities in SimpleInvoices Hard-coded Credentials Vulnerability in Novell ZENworks Asset Management (ZAM) 7.5 Bypassing Payment Requirements in TomatoCart 1.1.7 with PayPal Express Checkout Sandbox Mode CSRF Vulnerability in Pattern Insight 2.3 Web Interface Allows Remote User Authentication Hijacking Clickjacking Vulnerability in Pattern Insight 2.3 Web Interface Session Fixation Vulnerability in Pattern Insight 2.3 Web Interface Arbitrary Code Injection through Banner Message in Pattern Insight 2.3 Arbitrary Web Script Injection Vulnerability in SolarWinds Orion Network Performance Monitor Directory Traversal Vulnerabilities in Axigen Free Mail Server's View Log Files Component SQL Injection Vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 Arbitrary Web Script Injection in Agile FleetCommander and FleetCommander Kiosk CSRF Vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 Arbitrary Code Execution via Unrestricted File Upload in Agile FleetCommander and FleetCommander Kiosk Command Injection Vulnerability in Agile FleetCommander and FleetCommander Kiosk XOR Password Encryption Vulnerability in Agile FleetCommander and FleetCommander Kiosk Cleartext Storage of Database Credentials in Agile FleetCommander and FleetCommander Kiosk Default Configuration of Fortinet Fortigate UTM Appliances Allows for SSL Server Spoofing SQL Injection Vulnerability in ESRI ArcGIS 10.1 REST Service Arbitrary Script Injection Vulnerability in Pattern Insight 2.3 Keyword Search Page SQL Injection Vulnerabilities in VeriFone VeriCentre Web Console Shared Internal-Database Password Vulnerability in Henry Schein Dentrix G5 CAB Archive Bounds Check Vulnerability in Symantec Endpoint Protection and Scan Engine Arbitrary Profile Modification Vulnerability in Vanilla Forums Arbitrary Web Script Injection in Dell OpenManage Server Administrator (OMSA) Heap-based Buffer Overflow in Novell File Reporter 1.0.2: Remote Code Execution via SRS Record Absolute Path Traversal Vulnerability in Novell File Reporter 1.0.2 Novell File Reporter 1.0.2 Directory Traversal Vulnerability Directory Traversal Vulnerability in Novell File Reporter 1.0.2 Vulnerability: Weak Password Encryption in Huawei Network Devices Hardcoded SNMP Community in Samsung Printer Firmware Allows Remote Administrative Access Multiple Cross-Site Scripting (XSS) Vulnerabilities in SilverStripe 2.3.x and 2.4.x CMshtmlEd::Exec Use-After-Free Vulnerability in Internet Explorer 6-9 Polycom HDX Video End Points XSS Vulnerability Multiple SQL Injection Vulnerabilities in Layton Helpbox 4.4.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Layton Helpbox 4.4.0 Remote Privilege Escalation in Layton Helpbox 4.4.0 Arbitrary Support-Ticket Data Modification Vulnerability in Layton Helpbox 4.4.0 Information Disclosure: ODBC Database Credentials Exposure in Layton Helpbox 4.4.0 Cleartext Credential Exposure in Layton Helpbox 4.4.0 Arbitrary Code Execution Vulnerability in Toshiba ConfigFree Utility 8.0.38 Toshiba ConfigFree 8.0.38 CF7 File Remote Command Execution Vulnerability Open Redirect Vulnerability in Forescout CounterACT NAC Device Allows Phishing Attacks Multiple Cross-Site Scripting (XSS) Vulnerabilities in Forescout CounterACT NAC Device ARP Poisoning Vulnerability in Forescout CounterACT NAC Device 6.3.4.1 RealPlayer 15.0.5.109 ZIP File Processing Stack-based Buffer Overflow Vulnerability Remote Code Execution Vulnerability in XnView's xjpegls.dll Plugin OpenX 2.8.10 admin/plugin-index.php XSS vulnerability SQL Injection Vulnerability in OpenX 2.8.10 Allows Remote Code Execution Directory Traversal Vulnerabilities in Axway SecureTransport 5.1 SP2 and Earlier Buffer Overflow Vulnerabilities in FlashFXP 4.2: Remote Code Execution Unrestricted Access Vulnerability in RivetTracker 1.03 and Earlier SQL Injection Vulnerability in LimeSurvey Admin Panel Cross-Site Scripting (XSS) Vulnerability in LimeSurvey SQL Injection Vulnerabilities in RivetTracker 1.03 and Earlier AneCMS ACP Directory Traversal Vulnerability Arbitrary Web Script Injection Vulnerability in starCMS index.php Denial of Service Vulnerability in Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB Arbitrary SQL Command Execution in Witze Addon 0.9 for deV!L'z Clanportal Unspecified Remote Code Execution and Denial of Service Vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i Arbitrary Code Execution via Stack-Based Buffer Overflow in SR10 FTP Server Arbitrary Code Execution via Crafted Update File in No Machine NX Web Companion CSRF Vulnerabilities in Parallels H-Sphere 3.3 Patch 1 Allow Remote Authentication Hijacking CSRF Vulnerability in VR GPub 4.0 Allows Remote Admin Account Hijacking Heap-based Buffer Overflow in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and Earlier Versions Arbitrary File Write Vulnerability in Fill PDF Module for Drupal Unauthenticated ARP Request and GARP Packet Source Checking Vulnerability Denial of Service Vulnerability in Cisco IOS SSH Session Handling (Bug ID CSCto87436) Denial of Service Vulnerability in Cisco IOS (Bug ID CSCub39268) Uninitialized Variable Vulnerability in Cisco IOS Unauthenticated Remote Traffic Forwarding Vulnerability in Cisco IOS Flex-VPN Load-Balancing Feature Denial of Service Vulnerability in Cisco IOS (Bug ID CSCtn43662) Denial of Service Vulnerability in Cisco IOS ACL Implementation on Catalyst 6500 and 7600 Devices (Bug ID CSCts16133) Denial of Service Vulnerability in Cisco IOS BGP Router Process (Bug ID CSCsw63003) Denial of Service and Memory Corruption Vulnerability in Cisco IOS Denial of Service Vulnerability in Optimalog Optima PLC 1.5.2 and Earlier Denial of Service Vulnerability in Optimalog Optima PLC 1.5.2 and Earlier Arbitrary Web Script Injection Vulnerability in VMware vCenter Operations VMware CapacityIQ 1.5.x Directory Traversal Vulnerability Arbitrary Web Script Injection Vulnerability in Trimble Infrastructure GNSS Series Receivers Arbitrary Code Execution via Integer Overflow in Adobe Flash Player's Matrix3D Class User Enumeration Vulnerability in VMware SpringSource Spring Security Multiple Cross-Site Scripting (XSS) Vulnerabilities in ownCloud Server before 4.0.8 CRLF Injection Vulnerability in ownCloud Server before 4.0.8 Unspecified Remote Integrity Vulnerability in Oracle iStore Component Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server Component Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component allows remote authenticated users to affect confidentiality Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control Unspecified Remote Code Execution Vulnerability in Oracle FLEXCUBE Universal Banking Component Unspecified vulnerability in Oracle FLEXCUBE Universal Banking component allows remote authenticated users to affect confidentiality Unspecified Local Integrity Vulnerability in Oracle WebCenter Sites Component Unspecified vulnerability in Oracle Central Designer component in Oracle Industry Applications 1.3, 1.4, and 1.4.2 Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise confidentiality Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability Unspecified Concurrency Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle Java SE 7 Update 7 and earlier allows remote attackers to compromise confidentiality via JMX. Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality and integrity Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise confidentiality Unspecified Remote Integrity Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity Unspecified Remote Code Execution Vulnerability in Oracle Java SE JRE Component Unspecified vulnerability in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise confidentiality Unspecified vulnerability in Oracle Java SE JavaFX 2.2 and earlier Unspecified Remote Integrity Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle Java SE JavaFX 2.2 and earlier Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified Remote Code Execution Vulnerability in Oracle Java SE JavaFX 2.2 and Earlier Unspecified 2D-related vulnerability in Oracle Java SE Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. Unspecified Networking Vulnerability in Oracle Java SE Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability Unspecified Confidentiality Vulnerability in Oracle Agile PLM for Process Component Unspecified Confidentiality Vulnerability in Oracle Agile Product Supplier Collaboration for Process Component Unspecified vulnerability in Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 Unspecified Remote Integrity Vulnerability in Oracle Agile PLM for Process Unspecified Confidentiality Vulnerability in Oracle Agile PLM for Process Unspecified vulnerability in Oracle Sun Solaris 10 related to inetd Unspecified Remote Availability Vulnerability in Oracle MySQL Server Component Unspecified Remote Code Execution Vulnerability in Oracle Access Manager Multiple SQL Injection Vulnerabilities in Php-X-Links 1.0 PHPB2B 4.1 and Earlier XSS Vulnerability in list.php Arbitrary File Read Vulnerability in HServer 0.1.1 Arbitrary SQL Command Execution Vulnerability in JE Poll Component for Joomla! VertrigoServ 2.25 inc/extensions.php Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Ggb Guestbook 0.3.1 Arbitrary Web Script Injection Vulnerability in UBB.threads 7.5.6 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in SQLiteManager 1.2.4 Stack-based Buffer Overflow in FreeFloat FTP Server 1.0 via Long String in PUT Command Race condition vulnerability in Google Chrome before 22.0.1229.92 allows remote code execution via audio device vectors. Denial of Service Vulnerability in Google Chrome's ICU Functionality Out-of-Bounds Read Vulnerability in Google Chrome Compositor Unmonitored Pepper Plug-in Crashes in Google Chrome: Remote Attack Vector Vulnerability SVG Use-After-Free Remote Code Execution Vulnerability in WebKit Improper Write Behavior in Graphics Drivers in Google Chrome on Mac OS X Google Chrome Use-After-Free Vulnerability in SVG Filter Handling Unrestricted Loading of SVG Subresource in Google Chrome (CVE-2012-5138) Integer Validation Vulnerability in Google Chrome on Mac OS X Race condition vulnerability in Pepper in Google Chrome before 23.0.1271.64 Out-of-Bounds Access Vulnerability in Google V8 Google Chrome Use-After-Free Vulnerability in Video Layout Unspecified Variable Cast Vulnerability in Google Chrome Out-of-Bounds Read Vulnerability in Skia Library Memory Corruption Vulnerability in Google Chrome Google Chrome Use-After-Free Vulnerability in Extension Tabs Handling Google Chrome Use-After-Free Vulnerability in Plug-In Handling Integer Overflow in Google Chrome WebP Image Handling Denial of Service Vulnerability in Google V8 Heap-based Buffer Overflow in WebGL Subsystem in Google Chrome OS Out-of-Bounds Read Vulnerability in Skia Library Improper Rendering Behavior Vulnerability in Google Chrome on Mac OS X Denial of Service Vulnerability in Google Chrome Google Chrome Use-After-Free Vulnerability in SVG Filters Heap-based Buffer Underflow in xmlParseAttValueComplex Function in libxml2 Google Chrome Use-After-Free Vulnerability in Printing Unspecified Variable Cast Vulnerability in Google Chrome Google Chrome Use-After-Free Vulnerability in Media Source API File Path Handling Vulnerability in Google Chrome Google Chrome Use-After-Free Vulnerability in Visibility Events Google Chrome Use-After-Free Vulnerability in URL Loader Unrestricted Instantiation of Chromoting Client Plug-in in Google Chrome Arbitrary Code Execution and Denial of Service Vulnerability in Google Chrome Integer Overflow in Google Chrome: Remote Denial of Service and Possible Other Impact via PPAPI Image Buffers Off-by-one overwrite vulnerability in Google Chrome and Libav allows for denial of service and potential memory corruption Google Chrome Use-After-Free Vulnerability in SVG Layout Same Origin Policy Bypass in Google Chrome 24.0.1312.52 Google Chrome Use-After-Free Vulnerability in DOM Handling File Name Validation Vulnerability in Google Chrome Integer Overflow in Audio IPC Layer in Google Chrome Google Chrome Use-After-Free Vulnerability in Video Seek Operations Integer Overflow in Google Chrome PDF JavaScript Handling Out-of-Bounds Read Vulnerability in Google Chrome Out-of-Bounds Access Vulnerability in Google V8 Integer Overflow Vulnerability in Google Chrome on Windows Inadequate Sandboxing Approach in Google Chrome for Mac OS X Google Chrome Use-After-Free Vulnerability in PDF Fields Out-of-Bounds Read Vulnerability in Google Chrome PDF Handling Session Invalidation Vulnerability in Puppet Enterprise (PE) before 2.6.1 Remote Code Execution Vulnerability in phpMyAdmin 3.5.2.2 Arbitrary Code Execution Vulnerability in Citrix XenApp XML Service Interface SQL Injection Vulnerabilities in OSClass before 2.3.5 Arbitrary Web Script Injection in OSClass 2.3.5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fork CMS before 3.2.7 Denial of Service Vulnerability in ISC BIND 9.x Multiple SQL Injection Vulnerabilities in ATutor AContent before 1.2-1 Arbitrary User Password and Category Name Modification Vulnerability in ATutor AContent before 1.2-1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ATutor AContent 1.2-2 Open Redirect Vulnerability in Pebble before 2.6.4: Remote Phishing Attack Vector Arbitrary File Creation/Overwrite Vulnerability in Be Graph BeZIP before 3.10 Sensitive Information Exposure in Asial Monaca Debugger Application Session Fixation Vulnerability in BIGACE before 2.7.8: Remote Session Hijacking Denial of Service Vulnerability in KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR Devices via Invalid Email Format Arbitrary Web Script Injection Vulnerability in KENT-WEB ACCESS REPORT 4.2 and Earlier Arbitrary Web Script Injection Vulnerability in KENT-WEB ACCESS REPORT 5.02 and Earlier Arbitrary Web Script Injection Vulnerability in Welcart Plugin for WordPress CSRF Vulnerability in Welcart Plugin for WordPress Allows User Authentication Hijacking WebView Class Implementation Vulnerability in Boat Browser and Boat Browser Mini for Android WebView Class Implementation Vulnerability in Opera Mobile and Opera Mini for Android Unspecified Cross-Site Scripting (XSS) Vulnerability in concrete5 Japanese and English Versions Sensitive Location Information Disclosure in Loctouch Application Loctouch Android App 3.4.6 and Earlier - Sensitive Location Information Disclosure Vulnerability Arbitrary Code Injection Vulnerability in Olive Toast Documents Pro File Viewer App Directory Traversal Vulnerability in Olive Toast Documents Pro File Viewer (formerly Files HD) App Arbitrary Web Script Injection Vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem Sensitive Location Information Disclosure in Weathernews Touch Application Untrusted Search Path Vulnerability in Mora Downloader: Remote Execution of .exe File Arbitrary File Upload Vulnerability in Prizm Content Connect 5.1 Arbitrary File Read Vulnerability in Bitweaver 2.8.1 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Bitweaver 2.8.1 and Earlier Heap-based buffer overflow in Perl_repeatcpy function in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 Multiple Buffer Overflows in Condor 7.6.x and 7.8.x Versions Unspecified System Call Error Vulnerabilities in Condor 7.6.x and 7.8.x Unspecified Remote Information Disclosure Vulnerability in HP ArcSight Connector Appliance and ArcSight Logger Arbitrary Code Execution Vulnerability in HP ArcSight Connector Appliance and Logger Arbitrary Web Script Injection Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) Remote Code Execution Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 (ZDI-CAN-1611) Unspecified Remote Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 (ZDI-CAN-1612) Unspecified Remote Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 (ZDI-CAN-1613) Unspecified Remote Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 (ZDI-CAN-1614) Unspecified Remote Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 (ZDI-CAN-1650) Unspecified Remote Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 (ZDI-CAN-1660) Unspecified Remote Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 (ZDI-CAN-1661) Unspecified Remote Code Execution Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) Unspecified Remote Code Execution Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) Unspecified Remote Code Execution Vulnerability in HP Intelligent Management Center (iMC) TACACS+ Authentication Manager (TAM) Unspecified Remote Vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) Unspecified Remote Code Execution Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) Unspecified Remote Information Disclosure Vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) Unspecified Remote Vulnerability in HP ServiceCenter 6.2.8 Unspecified Remote Data Modification and Denial of Service Vulnerability on HP LaserJet Pro Printers CSRF Vulnerability on HP ProCurve 1700-8 and 1700-24 Switches Unspecified Remote Access Restriction Bypass Vulnerability in HP System Management Homepage (SMH) Bypassing Secure Boot on HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 Arbitrary Code Injection through Cross-Site Scripting (XSS) in HP Managed Printing Administration (MPA) Unspecified Privilege Escalation Vulnerability in HP Storage Data Protector PostScript Interpreter Directory Traversal Vulnerability Unspecified Information Disclosure Vulnerability in HP Service Manager Web Tier 9.31 Arbitrary PHP Code Execution in vBSEO 3.5.0 and Earlier Arbitrary PHP Code Execution via vBadvanced CMPS 3.2.2 Remote File Inclusion Vulnerability Arbitrary Web Script Injection Vulnerability in xClick Cart 1.0.1 and 1.0.2 Cross-Site Scripting (XSS) Vulnerabilities in Peel SHOPPING 2.8 and 2.9 Arbitrary SQL Command Execution in Peel SHOPPING 2.8 and 2.9 via tva.php Cross-site scripting (XSS) vulnerability in phplist 2.10.9 and 2.10.17 in admin/index.php Arbitrary Script Injection Vulnerability in Slideshow Gallery2 Plugin for WordPress Unspecified Vulnerability in JE Story Submit Component for Joomla! Arbitrary PHP Code Execution in miniCMS 1.0 and 2.0 Quickl Form Component for Joomla! Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Drupal Stickynote Module Open Redirect Vulnerability in ocPortal 7.1.6 and earlier versions Denial of Service Vulnerability in Wireshark HSRP Dissector Incorrect OUI Data Structures Vulnerability in Wireshark PPP Dissector Buffer Overflow in LDP Dissector in Wireshark 1.8.x Arbitrary File Inclusion Vulnerability in Banana Dance B.2.6 and Earlier Arbitrary Database Information Disclosure in Banana Dance B.2.6 and Earlier Multiple SQL Injection Vulnerabilities in Banana Dance B.2.6 and Earlier Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Buffer Overflow Vulnerability in Adobe Shockwave Player (CVE-2012-4176) Buffer Overflow Vulnerability in Adobe Flash Player and Adobe AIR Buffer Overflow Vulnerability in Adobe Flash Player and Adobe AIR Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.5.0.600 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.5.0.600 allows arbitrary code execution Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Buffer Overflow Vulnerability in Adobe Flash Player and Adobe AIR Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.4.0.2710 allows arbitrary code execution SQL Injection Vulnerability in phpMyDirectory 1.3.3: Remote Code Execution via id Parameter in page.php SQL Injection Vulnerabilities in Plogger 1.0 RC1: Remote Code Execution Multiple SQL Injection Vulnerabilities in EasyWebRealEstate SQL Injection Vulnerability in Posse Softball Director CMS team.php SQL Injection Vulnerabilities in Atar2b CMS 4.0.1 PHP Remote File Inclusion Vulnerabilities in SAPID CMS 1.2.3 Stable SQL Injection Vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual Cross-Site Scripting (XSS) Vulnerability in FuseTalk Forums 3.2 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mavili Guestbook (November 2007 Release) SQL Injection Vulnerability in Mavili Guestbook edit.asp (November 2007 Release) Insufficient Access Control in Mavili Guestbook Allows Remote Database Read Arbitrary Message Manipulation in Mavili Guestbook SQL Injection Vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 Insecure Default Configuration of Cerberus FTP Server Allows for SSH Cipher Vulnerability Improper Access Control in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 Arbitrary File Overwrite Vulnerability in Monkey HTTP Daemon 0.9.3 Static Code Injection Vulnerability in YVS Image Gallery Administration/Install.php Arbitrary Web Script Injection Vulnerability in JBMC Software DirectAdmin 1.403 Stack-based Buffer Overflow in Camera Stream Client ActiveX Control Arbitrary Script Injection in IBM Lotus Notes Traveler CSRF Vulnerability in IBM Lotus Notes Traveler Allows Authentication Hijacking Brute-Force Authentication Vulnerability in IBM Lotus Notes Traveler Arbitrary SQL Command Execution in WP e-Commerce Plugin SQL Injection Vulnerability in Tribiq CMS: Remote Code Execution via id Parameter SQL Injection Vulnerability in Snitz Forums 2000: Remote Code Execution via TOPIC_ID Parameter Arbitrary Web Script Injection Vulnerability in ViewGit 0.0.6 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in php iReport 1.0 Cross-Site Scripting (XSS) Vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and Earlier Arbitrary SQL Command Execution in Bigware Shop (main_bigware_43.php) Arbitrary Code Execution via Unrestricted File Upload in Kish Guest Posting Plugin 1.2 for WordPress CSRF Vulnerability in D-Link DCS Cameras Allows Password Hijacking CSRF Vulnerability in Sagem F@ST 2604 Allows Remote Password Hijacking Frame Injection Vulnerability in TikiWiki CMS/Groupware 8.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Xavi X7968 CSRF Vulnerability in Xavi X7968 Allows Remote Password Hijacking Buffer Overflow Vulnerabilities in Tracker Software PDF-XChange 3.60.0128 Cross-Site Scripting (XSS) Vulnerabilities in Shortcode Redirect Plugin for WordPress CSRF Vulnerability in IDevSpot iSupport 1.x Allows Unauthorized Addition of Administrator Accounts SQL Injection Vulnerabilities in Mingle Forum Plugin for WordPress SQL Injection Vulnerabilities in Mingle Forum Plugin for WordPress Buffer Overflow Vulnerability in TYPSoft FTP Server 1.1 via Long String in APPE Command Multiple Cross-Site Scripting (XSS) Vulnerabilities in asaanCart 0.9 Arbitrary Local File Inclusion Vulnerability in asaanCart 0.9 Denial of Service Vulnerability in at32 Reverse Proxy 1.060.310 SQL Injection Vulnerability in page.php in Pre Printing Press SQL Injection Vulnerability in Pre Printing Press Product Description Page Directory Traversal Vulnerability in Tiny Server 1.1.5 Allows Unauthorized File Access Arbitrary File Read Vulnerability in ownCloud before 4.0.8 Multiple Cross-Site Scripting (XSS) Vulnerabilities in JForum 2.1.9 Open Redirect Vulnerability in JForum 2.1.9: Remote Phishing Attack via returnPath Parameter Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 Integer Overflow in lex_number() function in SumatraPDF 2.1.1/MuPDF 1.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Otterware StatIt 4 Multiple SQL Injection Vulnerabilities in SenseSites CommonSense CMS Limny 3.0.1 admin/login.php PATH_INFO XSS Vulnerability Directory Traversal Vulnerability in IpTools WebServer (Thttpd.bat) Allows Remote File Read Remote Command Server Buffer Overflow Vulnerability in IpTools 0.1.4 Arbitrary Script Injection in WP Live.php Module 1.2.1 for WordPress Arbitrary Code Execution in TinyWebGallery 1.8.3 via Command Parameter SQL Injection Vulnerability in MangosWeb Enhanced 3.0.3: Remote Code Execution via Login Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in Pay With Tweet Plugin before 1.2 SQL Injection Vulnerability in Pay With Tweet Plugin for WordPress Apache Axis2 SAML Assertion Signature Exclusion Vulnerability JOSSO Vulnerability: Signature Exclusion Attack in SAML Assertion Eduserv OpenAthens SP 2.0 for Java Signature Exclusion Vulnerability Clickjacking vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey before 16.0 Arbitrary File Overwrite Vulnerability in welcome.py Insecure GPG Key Import in apt-add-repository Tool Arbitrary Code Execution in Ektron CMS 8.02 SP5 Arbitrary File Read and Authentication Bypass Vulnerability in Ektron CMS Arbitrary Code Execution Vulnerability in Libavcodec of FFmpeg Arbitrary Code Execution Vulnerability in Libavcodec of FFmpeg Arbitrary Code Execution Vulnerability in Libavcodec of FFmpeg Denial of Service Vulnerability in Microsoft Windows 7 and Earlier due to Flood of ICMPv6 Neighbor Solicitation Messages Denial of Service Vulnerability in IPv6 Implementation in FreeBSD and NetBSD (2012 and earlier) Denial of Service Vulnerability in Microsoft Windows 7 and Earlier due to IPv6 ICMPv6 Router Advertisement Flood IPv6 Router Advertisement Flood Vulnerability Denial of Service Vulnerability in Apple Mac OS X IPv6 Implementation SQL Injection Vulnerabilities in OrangeHRM 2.7.1 RC 1: Remote Code Execution via sortField Parameter Cross-Site Scripting (XSS) Vulnerability in phpMyAdmin 3.5.x before 3.5.3 JRuby Hash Collision Denial of Service Vulnerability Hash Collision Vulnerability in Ruby (CRuby) 1.9 and 2.0 Denial of Service Vulnerability in Rubinius Hash Computation Denial of Service Vulnerability in Oracle Java SE and OpenJDK Denial of Service Vulnerability in Btrfs CRC32C Hash Collision Denial of Service Vulnerability in Btrfs CRC32C Feature Arbitrary File Write Vulnerability in Google Chrome's Inter-process Communication (IPC) Implementation Untrusted Search Path Vulnerability in ActivePerl Installation Functionality Untrusted Search Path Vulnerability in ActiveTcl 8.5.12 Installation Functionality Untrusted Search Path Vulnerability in ActivePython 3.2.2.3 Installation Untrusted Search Path Vulnerability in Ruby 1.9.3-p194 Installation Functionality Untrusted Search Path Vulnerability in PHP 5.3.17 Installation Functionality Untrusted Search Path Vulnerability in Zend Server 5.6.0 SP4 Installation Functionality Untrusted Search Path Vulnerability in Oracle MySQL 5.5.28 Installation Functionality Cross-Site Scripting (XSS) Vulnerabilities in Craig Knudsen WebCalendar Arbitrary Code Execution via User Theme Preference in Craig Knudsen WebCalendar Directory Traversal Vulnerability in phpPaleo 4.8b180 Allows Remote File Inclusion Cross-Site Request Forgery (CSRF) Vulnerability in White Label CMS Plugin for WordPress Arbitrary Script Injection in White Label CMS Plugin for WordPress PowerTCP WebServer for ActiveX 1.9.2 and earlier: NULL Pointer Dereference Denial of Service Vulnerability Privilege Escalation in Condor's Standard Universe Shadow Component Session Fixation Vulnerability in MediaWiki Special:UserLogin CSRF Vulnerability in CentralAuth Extension for MediaWiki Session Fixation Vulnerability in MediaWiki CentralAuth Extension Remote Code Execution Vulnerability in Siemens SiPass Integrated MP2.6 and Earlier Race Condition Vulnerability in Cisco Adaptive Security Appliances (ASA): Multiple Connections Leading to CPU Consumption or Device Reload Buffer Overflow Vulnerability in Cisco Unified MeetingPlace Web Conferencing Arbitrary Command Execution Vulnerability in Cisco Prime Data Center Network Manager (DCNM) Denial of Service Vulnerability in Cisco ASA Software 8.7.1 and 8.7.1.1 Denial of Service Vulnerability in Cisco IOS on AS5400 Devices (Bug ID CSCub61009) Authentication Bypass Vulnerability in Cisco Secure Access Control System (ACS) 5.x Denial of Service Vulnerability in Cisco IOS Unified Border Element (CUBE) Denial of Service Vulnerability in Cisco VPN Client on Windows (Bug ID CSCuc81669) Cisco TelePresence Video Communication Server (VCS) X7.0.3 Remote Conference Creation Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Cisco Unified IP Phone 7900 Series Devices CSRF vulnerability in CMS Made Simple allows remote file deletion Stack-based Buffer Overflow in HttpUtils.dll in TVMOBiLi Multiple Cross-Site Scripting (XSS) Vulnerabilities in Subrion CMS 2.2.1 SQL Injection Vulnerability in ATutor AContent 1.2-1: Remote Code Execution via user/index_inline_editor_submit.php Arbitrary Password Modification Vulnerability in ATutor AContent 1.2-1 Unspecified Cross-Site Scripting (XSS) Vulnerability in Joomla! Language Search Component Lack of Hostname Verification in Zoner AntiVirus Free Android App Weak Permissions Vulnerability in VMware Workstation and Player on Windows Untrusted Search Path Vulnerability in VMware Workstation and Player on Windows Arbitrary Script Injection in Juniper Secure Access (SA) Help Page Heap-based Buffer Overflow in Bogofilter's Iconvert.c Component Authentication Bypass Vulnerability in Portable phpMyAdmin Plugin for WordPress Denial of Service Vulnerability in VideoLAN VLC media player 2.0.3 via Crafted PNG File Unauthorized Access to Dropbox Repository in Moodle Bypassing Access Restrictions in Moodle 2.2.x and 2.3.x Information Disclosure Vulnerability in Moodle Database Activity Module World Readable File Exposes Secret Key in Red Hat OpenStack Platform World Readable File Exposes Admin Password and Token in OpenStack Dashboard Package Insecure Umask Setting in Foreman Smart Proxy Bypassing Role Restrictions in JBoss Enterprise Application Platform (EAP) and Related Platforms Arbitrary File Upload and Execution in Moodle Portfolio Plugin Bypassing Participant Entry Restrictions in Moodle Database Activity Module Bypassing Capability Requirement in Moodle 2.3.x Arbitrary Image Deletion Vulnerability in OpenStack Glance API World-readable permissions for /etc/keystone/ec2rc in OpenStack Keystone 2012.1.3 allow unauthorized access to EC2 services Man-in-the-Middle Attack Vulnerability in FreeIPA Client Remote Code Execution in registerConfiglet.py in Plone Arbitrary HTTP Header Injection in ZPublisher.HTTPRequest._scrubHeader Bypassing Python Sandbox Restriction in Plone Remote Code Execution via Crafted URL in Plone Python Scripts Remote Access to Restricted Attributes in Zope and Plone Plone Cross-Site Scripting (XSS) Vulnerability in kssdevel.py Default Form Field Value Disclosure Vulnerability Information Disclosure Vulnerability in uid_catalog.py in Plone Arbitrary Python Code Execution Vulnerability in Plone Unspecified Cross-Site Scripting (XSS) Vulnerability in Plone Python Scripts Remote Code Execution in Plone via Crafted URL in python_scripts.py Denial of Service Vulnerability in Kupu Spellcheck Module User Account Enumeration Vulnerability in Plone Membership Tool Denial of Service Vulnerability in Plone's queryCatalog.py Denial of Service Vulnerability in Plone Python Scripts CSRF Vulnerability in Plone Batch ID Change Script Arbitrary File Read Vulnerability in at_download.py Arbitrary Script Injection in Plone safe_html.py Hidden Folder Content Disclosure Vulnerability in Plone FTP.py Arbitrary Script Injection Vulnerability in Plone Widget Traversal Information Disclosure Vulnerability in Plone Denial of Service Vulnerability in Plone RSS Feed Request Timing Discrepancy Password Disclosure Vulnerability PRNG Reseeding Vulnerability in Plone World-readable permissions for temporary file in Aeolus Configuration Server Denial of Service Vulnerability in Xen 4.x Dirty video RAM tracking vulnerability in Xen 3.4 through 4.1 allows denial of service via large bitmap image Array Index Error in HVMOP_set_mem_access Handler in Xen 4.1 Memory Address Vulnerability in XENMEM_exchange Handler Denial of Service Vulnerability in Xen's guest_physmap_mark_populate_on_demand Function Denial of Service Vulnerability in Xen 4.2 and Earlier Hypercalls Insecure Disk Deletion in Red Hat Enterprise Virtualization Manager (RHEV-M) NULL pointer dereference vulnerability in online_pages function in Linux kernel before 3.6 Vulnerability: Insecure Certificate Generation in VDSM Local Privilege Escalation in CUPS 1.4.4 on Linux Distributions Arbitrary Command Execution in OpenVAS Manager 3.x Quagga (ospf6d) 0.99.21 Denial of Service Vulnerability in Routes Removal Vulnerability: Unauthorized Status Changes in MantisBT Improper Management of Email Notifications in MantisBT Allows Information Disclosure Improper SSL Certificate Verification in Gajim before 0.15.3 Allows MITM Attacks Buffer Over-read Vulnerability in Xen 4.2's get_page_from_gfn Hypercall Function Arbitrary Header Injection in CGI.pm Module Claws Mail vCalendar Plugin: Interface Exposes Credentials Denial of Service Vulnerability in Firebird 2.5.0 and 2.5.1 TraceManager Arbitrary File Overwrite Vulnerability in Performance Co-Pilot (PCP) Init Scripts Arbitrary Web Script Injection in GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 Denial of Service Vulnerability in hypervkvpd Denial of Service Vulnerability in lighttpd's http_request_split_value Function Arbitrary Command Execution Vulnerability in WeeChat Plugin API Arbitrary File Read Vulnerability in gnome-system-log polkit Policy Privilege Escalation via pam_ssh_agent_auth Module in Red Hat Enterprise Linux and Fedora Arbitrary PHP Code Injection in Simplenews Scheduler Module for Drupal Arbitrary Script Injection in FileField Sources Module for Drupal Arbitrary Group Posting Vulnerability in Organic Groups (OG) Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in Hostip Module for Drupal Arbitrary Web Script Injection in Twitter Pull Module for Drupal CSRF Vulnerability in Drupal Commerce Extra Panes Module Arbitrary Node Creation Vulnerability in Feeds Module for Drupal Information Leakage: Password Reset Links Exposed in Mandrill Dashboard Logs Cross-Site Scripting (XSS) Vulnerabilities in ShareThis Module for Drupal CSRF Vulnerabilities in Search API Module for Drupal Arbitrary Code Injection through Cross-Site Scripting (XSS) in Drupal Time Spent Module CSRF Vulnerability in Time Spent Module for Drupal Arbitrary SQL Command Execution in Time Spent Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in MailChimp Module for Drupal Password Hash Leakage through Client-side Password History Checks OM Maximenu Module XSS Vulnerabilities Default Configuration Vulnerability in Webform CiviCRM Integration Module Allows Unauthorized Access to Contact Information Cross-Site Request Forgery (CSRF) Vulnerabilities in Drupal RESTful Web Services Module Privilege Escalation Vulnerability in User Read-Only Module for Drupal Arbitrary Code Injection through Smiley Acronyms in Drupal Smiley Module Arbitrary Web Script Injection via Page Title in Chaos Tool Suite (CTools) Module for Drupal Local Privilege Escalation: Timezone Manipulation via mate-settings-daemon 1.5.3 World-readable permissions for /etc/katello/secure/passphrase in Katello 1.1 allows local users to obtain passphrase Clear-text Transmission of Credentials in rhn-proxy Access to RHN Satellite Token Chaining Vulnerability in OpenStack Keystone Symlink Attack Vulnerability in Android Debug Bridge (ADB) Allows Arbitrary File Overwrite Arbitrary Script Injection in Horde Internet Mail Program (IMP) Arbitrary Script Injection in Horde Kronolith Calendar Application H4 Arbitrary Web Script Injection in Horde Kronolith Calendar Application H4 Apache Tomcat Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Basic Webmail Module for Drupal Arbitrary Email Address Disclosure in Basic Webmail Module for Drupal OpenStack Keystone EC2 Token Bypass Vulnerability CRLF Injection Vulnerability in Dancer Cookie Method Denial of Service and Flow-Control Bypass Vulnerability in Tor's connection_edge_process_relay_cell Function Arbitrary File Read Vulnerability in Symfony CMS 1.4.20 XML Encryption backwards compatibility attack in Apache CXF Stack-based buffer overflows in XWD plug-in in GIMP 2.8.2 allow remote code execution World-readable permissions in keyring files created by Python keyring lib before 0.10 Insecure Permissions in Python Keyring Allow Creation of World-Readable Files Format String Vulnerability in libproxy 0.3.1: Denial of Service and Arbitrary Code Execution Stack-based Buffer Overflow in LibTIFF Allows Remote Code Execution via Crafted DOTRANGE Tag OpenDNSSEC Vulnerability: Misuse of libcurl API Insecure SSL Certificate Verification in phpCAS before 1.3.2 Improper Node Permission Check in Drupal Table of Contents Module Arbitrary Code Injection via Mixpanel Token in Drupal Arbitrary Email Access Vulnerability in Drupal Services Module Arbitrary Web Script Injection Vulnerability in Email Field Module for Drupal Email Address Disclosure Vulnerability in Drupal Email Field Module Arbitrary Node Title Disclosure Vulnerability in MultiLink Module for Drupal SQL Injection Vulnerability in Drupal Webmail Plus Module Arbitrary Web Script Injection Vulnerability in Zero Point Module for Drupal Improper Permissions Check in Katello Proxies Controller Bypassing Authentication in ldap_fluff Gem for Ruby World-writable permissions in Grinder cache files in Red Hat CloudForms before 1.1 Cross-Site Scripting (XSS) Vulnerabilities in ownCloud before 4.0.9 and 4.5.0 Insecure Lost Password Reset Functionality in ownCloud Allows Remote Password Change Arbitrary Web Script Injection in ownCloud 4.5.x before 4.5.2 Arbitrary PHP Code Execution via Incomplete Blacklist Vulnerability in ownCloud Arbitrary PHP Code Execution via File Upload in ownCloud Stack-based buffer overflow vulnerability in acl_get function in Oracle MySQL and MariaDB allows remote code execution via long argument to GRANT FILE command Heap-based Buffer Overflow in Oracle MySQL and MariaDB Privilege Escalation via Misconfigured FILE Privilege in MySQL and MariaDB Denial of Service Vulnerability in Oracle MySQL and MariaDB User Enumeration Vulnerability in Oracle MySQL and MariaDB Sensitive Information Exposure in Apache CloudStack and Citrix CloudPlatform Permissive PolicyKit Policy Configuration File Allows Privilege Escalation in gksu-polkit Insufficient Entropy in Ushahidi Forgot-Password Tokens Dotfile Vulnerability in The Sleuth Kit (TSK) 4.0.1 Denial of Service Vulnerability in Ekiga 4.0.0: Invalid UTF-8 Strings in OPAL Connection OpenShift Management Console Cross-Site Request Forgery (CSRF) Vulnerability Outdated Password Hashing Algorithm in Squirrelmail 4.0: Vulnerability Exposed XMLHttpRequest Object Allows Arbitrary File Read in Qt Information Leakage in OpenStack Compute (Nova) with libvirt and LVM-backed Instances Role Ignoring Vulnerability in Red Hat JBoss Products Vulnerability: Insecure Salt Handling in Oracle MySQL and MariaDB World-writable permissions in gofer before 0.68 allow local users to cause denial of service Authentication Bypass Vulnerability in JBoss Enterprise Application Platform and Enterprise Web Platform TOCTOU Race Condition in libuser 0.56 and 0.57 Server Identity Check Bypass in IPA 3.0 Bypassing WS-Security Processing in Apache CXF URIMappingInterceptor Denial of Service Vulnerability in Xen with Intel VT-d and Legacy PCI Bridge Symlink Attack Vulnerability in GlusterFS Functionality Apache Wicket Cross-Site Scripting (XSS) Vulnerability World-writable permissions in SANLock's setup_logging function allow unauthorized file modification and bypassing disk-quota restrictions Automatic Opening of Embedded Content in LibreOffice and OpenOffice: A Potential Vulnerability Local Denial of Service Vulnerability in thttpd via Specially-Crafted .htpasswd Files Directory Traversal Vulnerability in MochiWeb Allows Arbitrary File Reading Unspecified Symbol Handling Vulnerability in Fail2ban Action File Memory Leak Vulnerabilities in Squid Cachemgr.cgi Information Disclosure Vulnerability in libuser when Moving User's Home Directory Denial of Service Vulnerability in Freeciv Server Component Arbitrary Command Execution in Red Hat OpenShift Origin before 1.0.5-3 Open Redirect Vulnerability in Red Hat OpenShift Origin before 1.0.5-3 Multiple SQL Injection Vulnerabilities in Foreman: Remote Execution of Arbitrary SQL Commands Arbitrary Code Execution via JSONP Callback in Apache CouchDB Arbitrary Web Script Injection in Apache CouchDB Futon UI Information Disclosure Vulnerability in Drupal 6.x and 7.x Information Disclosure in Drupal 6.x before 6.27 via RSS Feed and Search Result Arbitrary PHP Code Execution via Null Byte in File Name in Drupal 6.x and 7.x Information Disclosure Vulnerability in Nodewords: D6 Meta Tags Module for Drupal Access Restriction Bypass in Context Module for Drupal XML External Entity (XXE) Injection Vulnerability in Inkscape before 0.48.4 XML External Entity (XXE) Vulnerability in Zend_Feed Sensitive Information Disclosure in rhc-chk.rb in Red Hat OpenShift Origin before 1.1 Untrusted Search Path Vulnerability in ABRT Allows Arbitrary Python Module Execution World-writable permissions vulnerability in ABRT 2.0.9 and earlier allows privilege escalation via symlink attack Insecure SSL Certificate Verification in x3270 before 3.3.12ga12 Insecure Temporary File Creation in isearch Package Improper Access Restriction in ownCloud Allows Remote Configuration Modification Arbitrary Web Script Injection in ownCloud Bookmarks Application Heap-based Buffer Overflow in GNU Grep before 2.11 Denial of Service Vulnerability in FreeType 2.4.11 and Earlier Out-of-Bounds Read Vulnerability in FreeType's _bdf_parse_glyphs Function Out-of-Bounds Write Vulnerability in FreeType's _bdf_parse_glyphs Function Heap-based Buffer Overflow in Exim DKIM Support Denial of Service Vulnerability in Microsoft Excel Viewer and Excel 2007 Unspecified vulnerability in Adobe Flash Player and Adobe AIR with unknown impact and attack vectors Denial of Service Vulnerability in Adobe ColdFusion 10 before Update 5 Local Privilege Escalation Vulnerability in Adobe ColdFusion 9.0 through 9.0.2 and 10 Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Buffer Underflow Vulnerability in Adobe Photoshop Camera Raw 7.3 and Earlier Buffer Overflow Vulnerability in Adobe Photoshop Camera Raw 7.3 and Earlier Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in ZPanel 10.0.1 and Earlier ZPanel 10.0.1 XSS Vulnerability in UpdateAccountSettings Action SQL Injection Vulnerability in ZPanel 10.0.1 and Earlier: Remote Code Execution via UpdateClient Action Insufficient Entropy in ZPanel 10.0.1 Password Reset Process TP-LINK TL-WR841N Router Directory Traversal Vulnerability Denial of Service Vulnerability in ISC BIND 9.8.x and 9.9.x Denial of Service Vulnerability in ISC BIND 9.8.x and 9.9.x Arbitrary Code Execution Vulnerability in RealPlayer Buffer Overflow Vulnerability in RealPlayer and RealPlayer SP Unspecified Remote Code Execution Vulnerability in Invision Power Board (IPB) 3.1.x - 3.3.x Arbitrary Command Execution in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 Multiple SQL Injection Vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) Cross-Site Request Forgery (CSRF) Vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2-0.1.4 Improper Access Restriction in Bulb Security Smartphone Pentest Framework (SPF) Allows Password Retrieval Weak Permissions in btinstall Installation Script in Bulb Security Smartphone Pentest Framework (SPF) BabyGekko 1.2.4 and Earlier: SQL Injection Vulnerability PHP File Inclusion Vulnerability in BabyGekko before 1.2.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Baby Gekko before 1.2.2f Multiple SQL Injection Vulnerabilities in dotProject before 2.1.7 Multiple Cross-Site Scripting (XSS) Vulnerabilities in dotProject before 2.1.7 Denial of Service Vulnerability in vSphere API in VMware ESXi 4.1 and ESX 4.1 Denial of Service Vulnerability in Hotblocks Module for Drupal Arbitrary Script Injection Vulnerability in Hotblocks Module for Drupal Denial of Service Vulnerability in Cisco ASA Devices (Bug ID CSCtc59462) Denial of Service Vulnerability in Cisco ASR 1000 Devices with BDI Routing Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Guest Portal Shared Secret Key Vulnerability in IBM WebSphere DataPower XC10 Appliance Arbitrary Web Script Injection in IBM Rational ClearQuest Web Client Unauthenticated Access Vulnerability in IBM WebSphere DataPower XC10 Appliance Bypassing Administrative-Role Requirements in IBM WebSphere DataPower XC10 Appliance SQL Injection Vulnerability in IBM Netezza WebAdmin Application 6.0.5, 6.0.8, and 7.0 before P2 WebAdmin Application Cross-Site Scripting (XSS) Vulnerability in IBM Netezza Arbitrary Web Script Injection Vulnerability in IBM Netezza WebAdmin Application CSRF Vulnerability in IBM Netezza WebAdmin Application Information Disclosure Vulnerability in IBM Rational ClearQuest Web Client SQL Injection Vulnerabilities in IBM Sterling B2B Integrator and Sterling File Gateway Privilege Escalation Vulnerability in IBM TS3500 Tape Library Web Interface Arbitrary File Read and Denial of Service Vulnerability in IBM SPSS Modeler Weak SSL Configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x Multiple Cross-Site Scripting (XSS) Vulnerabilities in Dokeos 2.1.1's main/auth/profile.php Eval Injection Vulnerability in EmpireCMS 6.6 Template Parser Amazon Merchant SDK SSL Server Spoofing Vulnerability Insecure SSL Certificate Verification in Amazon Elastic Load Balancing API Tools Insecure SSL Server Verification in Amazon Flexible Payments Service (FPS) PHP Library SSL Server Spoofing Vulnerability in Apache Commons HttpClient 3.x Apache Axis 1.4 and earlier: SSL Server Spoofing Vulnerability Apache Axis2/Java SSL Server Spoofing Vulnerability Insecure SSL Server Verification in Apache CXF WSDL-First HTTPS Sample Code Unverified Server Hostname in PayPal Merchant SDK Allows SSL Spoofing Unverified Server Hostname in PayPal IPN Utility Allows SSL Spoofing Lack of SSL Certificate Validation in PayPal Payments Standard PHP Library SSL Server Spoofing Vulnerability in PayPal Payments Standard PHP Library SSL Server Spoofing in PayPal Invoicing Insecure SSL Certificate Verification in Sage Pay Direct Module of osCommerce Insecure SSL Certificate Verification in osCommerce's Authorize.Net Module Vulnerability: SSL Server Spoofing in MoneyBookers Module of osCommerce Insecure SSL Certificate Verification in PayPal Express Module of osCommerce Insecure SSL Certificate Verification in PayPal Pro Module of osCommerce Insecure SSL Certificate Verification in PayPal Pro PayFlow Module in osCommerce Insecure SSL Certificate Verification in PayPal Pro PayFlow EC Module in osCommerce Insecure SSL Certificate Verification in Canada Post Module of PrestaShop eBay Module in PrestaShop Allows Man-in-the-Middle Attacks via SSL Certificate Spoofing Insecure SSL Certificate Verification in PrestaShop PayPal Module Unverified Server Hostname in PayPal Module Allows SSL Spoofing Vulnerability: SSL Server Spoofing in Ubercart's Authorize.Net Module Vulnerability: SSL Server Spoofing in Ubercart's CyberSource Module Unverified Server Hostname in PayPal IPN Functionality in Zen Cart Unverified Server Hostname Vulnerability in PayPal Payments Pro Module in Zen Cart Vulnerability: SSL Server Spoofing in Zen Cart's Authorize.Net eCheck Module Vulnerability: SSL Server Spoofing in Zen Cart's LinkPoint Module Insecure SSL Certificate Verification in Groupon Redemptions Android App Insecure SSL Certificate Verification in Chase Mobile Banking App for Android SSL Certificate Verification Vulnerability in Breezy Android Application ACRA Library for Android Allows SSL Server Spoofing via Arbitrary Valid Certificate Android_Pusher Library SSL Certificate Validation Vulnerability SSL Server Spoofing Vulnerability in Weberknecht Insecure SSL Certificate Verification in Rackspace App 2.1.5 for iOS SSL Server Spoofing Vulnerability in AOL Instant Messenger (AIM) 1.0.1.2 XFire 1.2.6 and earlier SSL Server Spoofing Vulnerability SSL Server Spoofing Vulnerability in ElephantDrive Lack of Server Hostname Verification in FilesAnywhere SSL Certificate Insecure SSL Certificate Verification in Google AdMob Developer Account Sample Code Unverified Certificate Vulnerability in Lynx Insecure SSL Server Verification in Zamboni's Contribution Feature Lack of Hostname Verification in Open Source Classifieds SSL Certificate Validation Unverified Server Hostname Matching Vulnerability in Trillian 5.1.0.19 Tweepy SSL Server Spoofing Vulnerability Clickjacking Vulnerability in Joomla! 2.5.x and 3.0.x Information Disclosure Vulnerability in BlackBerry PlayBook Web Browser Component Heap-based buffer overflow in nsWindow::OnExposeEvent function in Mozilla Firefox and Thunderbird allows remote code execution Use-after-free vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey on Mac OS X Memory Corruption and Code Execution Vulnerability in WebGL Subsystem WebGL Integer Overflow Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox Web Developer Toolbar Arbitrary Code Execution and Denial of Service Vulnerability in WebGL Subsystem Heap-based buffer overflow in gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox and Thunderbird before 17.0, and SeaMonkey before 2.14 Use-after-free vulnerability in nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Multiple SQL Injection Vulnerabilities in ClipBucket 2.6 Revision 738 and Earlier Cross-Site Scripting (XSS) bypass vulnerability in WebKit SQL Injection Vulnerability in cardoza-ajax-search Plugin for WordPress Heap-based Buffer Overflow in WeeChat 0.3.6 through 0.3.9 via Crafted IRC Colors Denial of Service Vulnerability in VideoLAN VLC Media Player Arbitrary Script Injection Vulnerability in Uk Cookie WordPress Plugin IP Address Authentication Bypass Vulnerability in Samsung Kies Air 2.1.207051 and 2.1.210161 Denial of Service Vulnerability in Samsung Kies Air 2.1.207051 and 2.1.210161 Vulnerability in Oberthur ID-One COSMO Smart Cards Allows Defeat of Cryptographic Protection Mechanisms Multiple SQL Injection Vulnerabilities in Schneider Electric Ezylog Photovoltaic SCADA Management Server Hardcoded Account Vulnerability in Schneider Electric Ezylog Photovoltaic SCADA Management Server Arbitrary Command Execution in Schneider Electric Ezylog Photovoltaic SCADA Management Server Unauthenticated Remote Administrative Access Vulnerability in Sinapsi eSolar Light Photovoltaic System Monitor SQL Injection Vulnerability in Achievo 1.4.5 dispatch.php Achievo 1.4.5 include.php Cross-Site Scripting (XSS) Vulnerability Remote Stack Buffer Overflow Vulnerability in HT Editor 2.0.20 WordPress 3.4.2 Session Cookie Invalidation Vulnerability Blind SQL Injection Vulnerability in ARC2 (aka ARC2_StoreSelectQueryHandler.php) Reflected XSS Vulnerability in ARC (aka ARC2) through 2011-12-01 Multiple SQL Injection Vulnerabilities in Elite Bulletin Board before 2.1.22 Firefly Media Server 1.0.0.1359 Denial of Service Vulnerability Heap-based buffer overflow vulnerability in Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (crash) via a long string in the request line or HTTP Referer header to TCP port 54444. NULL Pointer Dereference and Crash Vulnerability in Nero MediaHome 4.5.8.0 and Earlier Remote Command Execution in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 Arbitrary File Modification Vulnerability in McAfee Virtual Technician (MVT) and ePO-MVT YUI Flash Component Cross-Site Scripting (XSS) Vulnerability YUI Flash Component Cross-Site Scripting (XSS) Vulnerability YUI Flash Component Cross-Site Scripting (XSS) Vulnerability Information Disclosure in Bugzilla 4.3.2 User.get Method Improper Tracking of cnonce Values in Apache Tomcat HTTP Digest Access Authentication Implementation Session ID Caching Vulnerability in Apache Tomcat Improper Nonce Validation in Apache Tomcat HTTP Digest Access Authentication Arbitrary Web Script Injection in Basic SEO Features Extension for TYPO3 Arbitrary Web Script Injection in TYPO3 Powermail Extension User Credential Exposure in TYPO3 Front End User Registration Extension CSRF Vulnerabilities in DAlbum 1.44 Build 174 and Earlier: Remote Authentication Hijacking Sensitive Information Disclosure in Havalite CMS 1.1.0 and Earlier Arbitrary Code Execution via Unrestricted File Upload in Havalite CMS 1.1.0 and Earlier Arbitrary SQL Command Execution in Havalite CMS 1.1.0 and Earlier Unspecified Vulnerabilities in iRODS Before 3.1 with Unknown Impact and Attack Vectors Arbitrary Code Execution via Uninitialized Pointer in Quest InTrust ActiveX Control Arbitrary File Write Vulnerability in Quest InTrust ActiveX Control CSRF Vulnerability in SAMEDIA LandShop 0.9.2 Allows Remote Account Hijacking Cross-Site Scripting (XSS) Vulnerability in SAMEDIA LandShop 0.9.2 Multiple SQL Injection Vulnerabilities in SAMEDIA LandShop 0.9.2 Predictable File Names with Insufficient Access Control in DFLabs PTK 1.0.5 Arbitrary Web Script Injection Vulnerability in DFLabs PTK 1.0.5 Arbitrary Web Script Injection Vulnerability in Simple Machines Forum (SMF) 2.0.2 IrfanView Heap-Based Buffer Overflow Vulnerability Buffer Overflow in KnFTPd 1.0.0: Remote Authenticated DoS via FEAT Command Multiple Cross-Site Scripting (XSS) Vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 Directory Traversal Vulnerability in TomatoCart 1.2.0 Alpha 2 and Earlier Versions Arbitrary Script Injection in MyBB 1.6.6 User Search SQL Injection Vulnerability in MyBB 1.6.6: Remote Code Execution via users.php SQL Injection Vulnerability in b2evolution 4.1.3: Remote Code Execution via root Parameter in blogs/htsrv/viewfile.php Arbitrary Web Script Injection in b2evolution 4.1.3 Multiple SQL Injection Vulnerabilities in PicoPublisher 2.0 Arbitrary Web Script Injection Vulnerability in WordPress Integrator Module Cross-Site Scripting (XSS) Vulnerabilities in Neocrome Seditio build 160 and 161 Information Disclosure Vulnerability in Neocrome Seditio build 161 and earlier Sensitive Information Disclosure in Neocrome Seditio Build 161 Denial of Service Vulnerability in SnackAmp 3.1.3 via Long String in AIFF File Directory Traversal Vulnerability in razorCMS 1.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Havalite 1.0.4 and Earlier Incomplete fix for Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final in JBoss Operations Network (ON) 3.1.1 and possibly other products Unauthenticated Password Modification Vulnerability in NetIQ Privileged User Manager Directory Traversal Vulnerability in NetIQ Privileged User Manager 2.3.x Remote Code Execution Vulnerability in NetIQ Privileged User Manager 2.3.x Insecure Session Cookie Handling in IBM Sterling B2B Integrator and Sterling File Gateway Unspecified Remote Code Execution Vulnerability in IBM Gentran Integration Suite, Sterling Integrator, and Sterling B2B Integrator Incorrect Permissions and Ownership Vulnerability in IBM InfoSphere Information Server Installation Process Arbitrary Web Script Injection in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x Authentication Credentials Disclosure in IBM Netezza WebAdmin Application Cross-Site Scripting (XSS) Vulnerability in IBM Netezza WebAdmin Application Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 IBM iNotes 8.5.x User-Assisted Cross-Site Scripting (XSS) Vulnerability (SPR JDOE8ZZS9) Buffer Overflow Vulnerabilities in IBM SPSS SamplePower 3.0 ActiveX Control Buffer Overflow in C1sizer.ocx ActiveX Control in IBM SPSS SamplePower 3.0 Buffer Overflow in vsflex7l ActiveX Control in IBM SPSS SamplePower 3.0 before FP1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x Cross-Site Request Forgery (CSRF) Vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x Privilege Escalation Vulnerability in IBM Tivoli NetView on z/OS Unauthenticated Message Transmission Vulnerability in IBM WebSphere Message Broker Denial of Service Vulnerability in IBM WebSphere Message Broker Unspecified Remote File System Object Manipulation Vulnerability in IBM Tivoli Storage Manager for Space Management Arbitrary Command Execution Vulnerability in IBM HTTP Server Component 5.3 in IBM WebSphere Application Server (WAS) for z/OS Cross-Site Scripting (XSS) Vulnerabilities in ManageEngine AssetExplorer 5.6 Stack-based Buffer Overflow in SSDP Parser Allows Remote Code Execution Stack-based Buffer Overflow in SSDP Parser Allows Remote Code Execution Stack-based Buffer Overflow in SSDP Parser Allows Remote Code Execution Stack-based Buffer Overflow in SSDP Parser Allows Remote Code Execution Stack-based Buffer Overflow in SSDP Parser Allows Remote Code Execution Stack-based Buffer Overflow in SSDP Parser Allows Remote Code Execution Stack-based Buffer Overflow in SSDP Parser Allows Remote Code Execution Stack-based Buffer Overflow in SSDP Parser Allows Remote Code Execution Bypassing Command Restrictions in D-Link DSL2730U Router's Restricted Telnet Shell SQL Injection Vulnerability in Centreon 2.3.3 through 2.3.9-4 via menuXML.php Unauthenticated Remote Access and Data Modification Vulnerability in Huawei E585 Device Directory Traversal Vulnerabilities on Huawei E585 Device Remote Denial of Service Vulnerability in Huawei E585 Device SpecView 2.5 build 853 and Earlier Directory Traversal Vulnerability Arbitrary Command Execution Vulnerability in CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux SSH Tectia Server Vulnerability: Authentication Bypass via Crafted Session Stack Consumption Vulnerabilities in Asterisk Open Source and Certified Asterisk Denial of Service Vulnerability in Asterisk Open Source and Digiumphones Arbitrary File Read Vulnerabilities in VMware View Connection Server and View Security Server Cross-Site Scripting (XSS) Vulnerabilities in Cisco Prime NCS and WCS Login Pages (Bug ID CSCud18375) Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Devices (Bug ID CSCud50209) Cross-Site Request Forgery (CSRF) Vulnerabilities in Cisco Wireless LAN Controller (WLC) Devices with Software 7.2.110.0 Arbitrary Web Script Injection Vulnerability in Cisco Wireless LAN Controller (WLC) Devices Buffer Management Vulnerability in Cisco Aironet Access Point Software 15.2 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco NAC Appliance 4.9.2 and Earlier (CSCud15109) Denial of Service and Host Crash Vulnerability in Xen's Transcendent Memory (TMEM) Denial of Service Vulnerability in Xen's Transcendent Memory (TMEM) Integer overflows in tmh_copy_from_client and tmh_copy_to_client functions in Xen 4.0, 4.1, and 4.2 Privilege Escalation in Xen Transcendent Memory (TMEM) Control Stack Operations Unchecked Buffer Pointers in Transcendent Memory (TMEM) Operations Vulnerability in do_tmem_destroy_pool function in Xen 4.0, 4.1, and 4.2 Denial of Service and Arbitrary Code Execution in Transcendent Memory (TMEM) Functions Cross-Site Scripting (XSS) Vulnerabilities in Mahara 1.4.x and 1.5.x Path Traversal Vulnerability in razorCMS before 1.2.1 SQL Injection Vulnerability in YABSoft Advanced Image Hosting (AIH) Script Arbitrary Script Injection in File King Advanced File Management 1.4 Double Free Vulnerability in GreenBrowser Allows Remote Code Execution via Crafted iFrame Denial of Service Vulnerability in GPSMapEdit 1.1.73.2 Arbitrary Web Script Injection in PHP-Fusion 7.02.04 Downloads.php Denial of Service Vulnerability in M-Player 0.4 via Crafted MP3 File Arbitrary Web Script Injection Vulnerability in Ramui Forum Arbitrary PHP Code Injection Vulnerability in admin/banners.php in PHP Enter CSRF Vulnerability in X7 Chat 2.0.5.1 and Earlier: Unauthorized User Addition Denial of Service Vulnerability in Guitar Pro 6.1.1 r10791 Sensitive Information Disclosure in Open Solution Quick.Cart 5.0 Denial of Service and Information Disclosure Vulnerability in MikroTik RouterOS Winbox Service Denial of Service Vulnerability in Google CityHash Information Disclosure Vulnerability in Wireshark 1.8.x before 1.8.4 Denial of Service Vulnerability in Wireshark USB Dissector Denial of Service Vulnerability in Wireshark sFlow Dissector Denial of Service Vulnerability in Wireshark 3GPP2 A11 Dissector Denial of Service Vulnerability in Wireshark SCTP Dissector Integer Overflow and Infinite Loop Vulnerability in Wireshark EIGRP Dissector Integer Overflow in ICMPv6 Dissector in Wireshark 1.6.x and 1.8.x Incorrect Data Structure in ISAKMP Dissector Allows Remote Denial of Service Integer Overflow in iSCSI Dissector in Wireshark Allows Remote Denial of Service Integer Overflow and Infinite Loop Vulnerability in Wireshark WTP Dissector Denial of Service Vulnerability in Wireshark RTCP Dissector Double Free Vulnerability in libssh's sftp_mkdir Function Directory Traversal Vulnerability in CMS Made Simple (CMSMS) Allows Arbitrary File Deletion Arbitrary PHP Code Execution in OM Maximenu Module for Drupal Authentication Bypass Vulnerability in freeSSHd through 1.2.6 Authentication Bypass Vulnerability in freeFTPd through 1.0.11 Unauthenticated Remote Command Execution and File Transfer in CODESYS Runtime Toolkit CODESYS Runtime Toolkit Directory Traversal Vulnerability Remote Code Execution Vulnerability in Falconpl before 0.9.6.9-git20120606 Insecure Hostname Verification in nuSOAP before 0.7.3-5 CRLF Injection Vulnerability in Jenkins Open Redirect Vulnerability in Jenkins Arbitrary Web Script Injection Vulnerability in Jenkins Buffer Overflow in e1000_receive function in QEMU 1.3.0-rc2 and other versions Inkscape Local File Inclusion Vulnerability Insecure Storage of Database Cache Files in W3 Total Cache Plugin Insecure Hash Key Generation in W3 Total Cache Plugin Sensitive Database Information Exposure in W3 Total Cache Plugin Arbitrary File Overwrite Vulnerability in MoinMoin AttachFile Action Arbitrary Code Execution via Unrestricted File Upload in MoinMoin Arbitrary Web Script Injection in MoinMoin 1.9.5 RSS Link Denial of Service Vulnerability in Freeciv before 2.3.3 NULL pointer dereference vulnerability in IRCd-Ratbox before 3.0.8 and Charybdis before 3.4.2 allows remote attackers to cause a denial of service (crash) via a malformed request. OpenPGP Packet Length Field Vulnerability Arbitrary Valid Certificate Spoofing Vulnerability in Zabbix SSL Server Spoofing Vulnerability in Amazon S3 Library in Moodle Bypassing RPM Signature Checks via Crafted Package Stack-based buffer overflows in canoniseFileName function in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 Stack-based buffer overflows in SWI-Prolog's expand function allow for remote code execution Information Disclosure Vulnerability in Zend_XmlRpc Class in Magento Cross-Site Scripting (XSS) Vulnerabilities in Apache ActiveMQ Web Demos Incompatible Structure Layout Vulnerability in QSslSocket::sslErrors Function CUPS 'Listen localhost:631' Option Vulnerability Race Condition and Symlink Attack Vulnerability in ProFTPD Stack-based buffer overflows in get_history function in Nagios Core and Icinga versions before 1.8.4 Cronie 1.4.8 File Descriptor Leak Vulnerability Inadequate Enforcement of Capability Requirement in Moodle Grade Editing Form Arbitrary File Read Vulnerability in Moodle Backup Converter Improper Enforcement of Capability Requirement in Moodle Activity Report Open Redirect Vulnerabilities in Moodle 2.2.x, 2.3.x, and 2.4.x Arbitrary User Submission Comments Exposure in Moodle 2.3.x and 2.4.x Cross-Site Request Forgery (CSRF) Vulnerabilities in Moodle Messaging System Information Disclosure Vulnerability in Moodle Blog RSS Feed Information Disclosure Vulnerability in Moodle Blog RSS Feed Unauthenticated Remote User Can Remove Course-Level Calendar Subscriptions in Moodle 2.4.x Apache Axis2/C SSL Server Spoofing Vulnerability World-writable permissions in HP Linux Imaging and Printing (HPLIP) log files Denial of Service Vulnerability in Rack's Multipart Parsing File Descriptor Leakage in bcron Allows Unauthorized Modification of Job Files and Spam Message Sending Insecure Secret Storage in gnome-keyring: Failure to Discard Secrets on Lock Arbitrary Outbound HTTP Request Vulnerability in Google Spellchecker for TinyMCE Uninitialized Variable Vulnerability in PHP's openssl_encrypt Function Arbitrary File Overwrite Vulnerability in git-changelog Utility Sensitive Information Exposure in Red Hat Enterprise Virtualization Manager (RHEV-M) Domain Management Tool Weak Permissions for Candlepin Bootstrap RPM in Katello World-readable log file in Aeolus Configuration Server allows plaintext password exposure Bypassing Quota Restrictions in Aeolus Conductor's Administer Tab Insecure Manifest Signature Checking in Candlepin World-readable permissions on /var/log/puppet directory in Red Hat OpenStack Essex and Folsom Arbitrary Script Injection in Roundcube Webmail before 0.8.5 Buffer Overflow Vulnerability in Chicken Thread Scheduler Poisoned NUL Byte Attack in Chicken before 4.8.0 Casting Error in Chicken 64-bit Platform Random Number Generator Hash Table Collision Vulnerability in Chicken 4.8.0 Stack-based buffer overflows in OpenConnect http.c leading to denial of service Stack-based Buffer Overflow in libutp Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in Roundup History Display Arbitrary Web Script Injection in Roundup's cgi/client.py Arbitrary Web Script Injection in Roundup before 1.4.20 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Roundup before 1.4.20 CSRF Vulnerability in omniauth-oauth2 Gem Allows Session Hijacking Arbitrary File Deletion Vulnerability in RubyGems Passenger 4.0.0 Beta 1 and 2 Insecure Permissions in tuned 2.10.0 PID File Allows Arbitrary Process Killing Unverified X.509 Certificate Vulnerability in rhn-migrate-classic-to-rhsm Tool Denial of Service Vulnerability in libxslt before 1.1.28 User-readable permissions for secret file in Google Authenticator PAM module Arbitrary Code Execution in App::Context Perl Module Arbitrary Code Execution Vulnerability in Session::Cookie Arbitrary Code Execution Vulnerability in Spoon::Cookie Module 0.24 for Perl Arbitrary SQL Command Execution in TYPO3 Backend History Module Arbitrary Web Script Injection in TYPO3 Backend History Module Arbitrary Record History Disclosure in TYPO3 Backend History Module Arbitrary web script injection vulnerability in TYPO3 Backend API Unspecified Cross-Site Scripting (XSS) Vulnerability in TYPO3 Menu API Cross-Site Scripting (XSS) Vulnerabilities in Spacewalk and RHN Satellite 5.6 Authentication Bypass Vulnerability in Samba's winbind_name_list_to_sid_string_list Function AgentX Denial of Service Vulnerability Denial of Service Vulnerability in Yahoo! Protocol Plugin in Pidgin Incomplete hostname verification in Apache Commons HttpClient Adobe Shockwave Player Downgrading Attack Vulnerability Arbitrary Signed Xtras Installation Vulnerability in Adobe Shockwave Player Multiple Cross-Site Scripting (XSS) Vulnerabilities in Dell OpenManage Server Administrator SQL Injection Vulnerability in BigAntSoft BigAnt IM Message Server Unauthenticated File Upload Vulnerability in BigAntSoft BigAnt IM Message Server Stack-based Buffer Overflows in BigAnt IM Message Server TP-LINK TL-WR841N Router Directory Traversal Vulnerability Unspecified Remote Code Execution Vulnerabilities in Autonomy KeyView IDOL and Related Products SQL Injection Vulnerability in ImageCMS 4.2: Remote Code Execution via admin_search/ Command Injection Vulnerability in DD-WRT 24-sp2: Remote Denial of Service via CSRF Unspecified Remote Code Execution and Data Modification Vulnerability in CA IdentityMinder Unspecified Remote Access Bypass Vulnerability in CA IdentityMinder Denial of Service Vulnerability in Android 4.0.3 Browser Application via Crafted market: URI Sandbox Bypass Vulnerability in Soapbox 0.3.1 Heap-based Buffer Overflow in GetWavHeader Function in Snack Sound Toolkit GIF File Write Access Violation Vulnerability in HCView 1.4 Arbitrary Code Execution Vulnerability in JPEGsnoop 1.5.2 Arctic Torrent 1.4 Denial of Service Vulnerability Arbitrary Script Injection in Video Lead Form Plugin for WordPress Information Disclosure in Simple Gmail Login Plugin for WordPress USB Redirection Policy Propagation Vulnerability in Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x Cross-Site Scripting (XSS) Vulnerabilities in TP-LINK TL-WR841N Router Firmware 3.13.9 Build 120201 Rel.54965n and Earlier VMware vCenter Server Appliance (vCSA) Directory Traversal Vulnerability Arbitrary File Read Vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 Denial of Service Vulnerability in VMware vCenter Server and vCSA Arbitrary Command Execution in Perl's Locale::Maketext Implementation Denial of Service Vulnerability in TWiki and Foswiki Localization Functionality Denial of Service via HVM Control Operations in Xen 3.4 through 4.2 Location Spoofing Vulnerability in SamsungDive's Track My Mobile Feature Arbitrary Location Data Spoofing Vulnerability in AVG AntiVirus for Android's Anti-theft Service Exploiting Lookout's Missing Device Feature: Arbitrary Location Data Injection via GPS Spoofing Remote Tracking Vulnerability in SamsungDive Subsystem on Samsung Galaxy Devices Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cerberus FTP Server Administrative Web Interface Hardcoded Credential Authentication Vulnerability in NETGEAR WGR614 v7 and v9 Information Disclosure Vulnerability in NETGEAR WGR614 v7 and v9 Allows Recovery of Previously Used Passwords CSRF Vulnerability in Atlassian Confluence 3.4.6 Allows Remote Authentication Hijacking Cross-Site Scripting (XSS) Vulnerability in Novell ZENworks Configuration Management before 11.2.4 Sensitive Trace Information Disclosure Vulnerability in Novell ZENworks Configuration Management Multiple Cross-Site Scripting (XSS) Vulnerabilities in FortiWeb before 4.4.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in FortiGate FortiDB Symlink Vulnerabilities in Centrify Deployment Manager 2.1.0.283 Buffer Overflow Vulnerability in Autonomy KeyView IDOL Arbitrary Web Script Injection Vulnerability in IBM Cognos TM1 Denial of Service Vulnerability in IBM Sterling Connect:Direct Session Manager Authentication Bypass Vulnerability in IBM SAN Volume Controller and Storwize V7000 6.x Privilege Escalation via Work Order in IBM Maximo Asset Management and Related Products Privilege Escalation via Import Operation in IBM Maximo Asset Management 7.5 Privilege Escalation and Bypass of Asset-Lookup Restrictions in IBM Maximo Asset Management 7.5 Unsigned Attribute Spoofing Vulnerability in IBM Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway IBM Intelligent Operations Center 1.5.0 Cross-Site Scripting (XSS) Vulnerability Cross-site scripting (XSS) vulnerability in AgileBits 1Password 3.9.9 Troubleshooting Reporting System Belkin N900 F9K1104v1 Router WPA2 Vulnerability: Weak WPS PIN Generation Arbitrary Command Execution Vulnerability in Cisco Prime LMS 4.1-4.2.2 on Linux (CSCuc79779) Denial of Service Vulnerability in Cisco ASA Devices with Firmware 8.4 (Bug ID CSCuc65775) Denial of Service Vulnerability in Cisco NX-OS on Nexus 7000 Series Switches (Bug ID CSCud44300) Cisco WebEx Social XSS Vulnerability via Crafted RSS Service Link (Bug ID CSCub61977) Unverified Server Hostname Matching Vulnerability in Cisco WebEx 4.1 on iOS ExynosAbuse: Privilege Escalation via Weak Permissions in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and Other Android Devices Bypassing Access-Control Restrictions in LemonLDAP::NG before 1.2.3 via Crafted SAML Data SQL Injection Vulnerabilities in Carlo Gavazzi EOS-Box Firmware Multiple Hardcoded Accounts in Carlo Gavazzi EOS-Box Firmware Buffer Overflow Vulnerability in Samsung Kies SyncService.dll ActiveX Control Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0 Inconsistent URL Encoding Processing in Symfony 2.0.x before 2.0.20 Arbitrary Service Access Vulnerability in Symfony 2.x CSRF Vulnerability in e107 1.0.1 Allows Remote Authentication Hijacking and XSS Attacks CSRF Vulnerabilities in e107 1.0.2: Remote Authentication Hijacking and SQL Injection Denial of Service Vulnerability in Rockwell Automation EtherNet/IP Products Buffer Overflow Vulnerability in Rockwell Automation EtherNet/IP Products Authentication Bypass Vulnerability in Rockwell Automation EtherNet/IP Products Buffer Overflow Vulnerability in Rockwell Automation EtherNet/IP Products Denial of Service Vulnerability in Rockwell Automation EtherNet/IP Products Replay Attack Vulnerability in Rockwell Automation EtherNet/IP Products Remote Information Disclosure Vulnerability in Rockwell Automation EtherNet/IP Products Denial of Service Vulnerability in Rockwell Automation EtherNet/IP Products Unspecified Cross-Site Scripting (XSS) Vulnerability in Splunk Web Arbitrary Web Script Injection Vulnerability in cPanel WebHost Manager (WHM) 11.34.0 XSS Vulnerability in cPanel & WHM 11.34.0 (build 8) - clientconf.html and detailbw.html Pages Remote Authentication Bypass Vulnerability in Lorex LNC116 and LNC104 IP Cameras User Enumeration Vulnerability in Axway Secure Messenger Arbitrary Script Injection in MediaWiki RSS Reader Extension Multiple Cross-Site Scripting (XSS) Vulnerabilities in SilverStripe E-Commerce Module 3.0 Bluetooth Service Listing Vulnerability in ConnMan 1.3 on Tizen Arbitrary Program Execution and Dialog Truncation Vulnerability in Opera False Indication of Successful Revocation-Status Checking in Opera 12.10 CORS Bypass Vulnerability in Opera before 12.10 Unspecified Cross-Site Scripting (XSS) Vulnerability in Opera before 12.10 Opera before 12.10 Cross-Site Scripting (XSS) Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Opera before 12.10 WebP Image Size Information Disclosure Vulnerability Opera Web Browser Vulnerability: Remote Phishing Attack via Crafted Web Site (Exploited in November 2012) Heap-based Buffer Overflow in Opera File Existence Disclosure Vulnerability in Opera before 12.11 Memory Allocation Vulnerability in Opera before 12.12 Address Field Spoofing Vulnerability in Opera before 12.12 Weak Permissions in Opera Profile Directory on UNIX CSRF Vulnerability in Rapid7 Nexpose Security Console Allows Unauthorized Deletion of Scan Data and Sites Session Hijacking Vulnerability in Rapid7 Nexpose before 5.5.4 Arbitrary File Overwrite Vulnerabilities in MoinMoin SQL Injection Vulnerability in Ruby on Rails Active Record Component SQL Injection Vulnerability in Authlogic Gem for Ruby on Rails Atomymaxsite 2.5 Unrestricted File Upload Vulnerability Open Redirect Vulnerability in Age Verification Plugin for WordPress Pragyan CMS 3.0 Directory Traversal Vulnerability Denial of Service Vulnerability in HP PKI ActiveX Control Information Disclosure Vulnerability in Microsoft Internet Explorer Unspecified Vulnerability in NinjaXplorer Component for Joomla! Arbitrary SQL Command Execution in PHP Volunteer Management 1.0.2 Arbitrary Web Script Injection in PHP Volunteer Management 1.0.2 Cross-Site Scripting (XSS) Vulnerabilities in Zingiri Web Shop Plugin 2.4.0 for WordPress SQL Injection Vulnerabilities in ChurchCMS 0.0.1 Admin Login Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in NetArt Media Car Portal 3.0 Unrestricted File Upload Vulnerability in NetArt Media Car Portal 3.0 Cross-Site Scripting (XSS) Vulnerabilities in NetArt Media Car Portal 3.0 Cross-Site Scripting (XSS) Vulnerabilities in Organizer Plugin 1.2.1 for WordPress Information Disclosure Vulnerability in Organizer Plugin 1.2.1 for WordPress Arbitrary Script Injection in gpEasy CMS 2.3.3 via jsoncallback Parameter Arbitrary Web Script Injection Vulnerability in nBill Component 2.3.2 for Joomla! Sensitive Information Disclosure in eFront 3.6.10 and Earlier SQL Injection Vulnerability in PHP Ticket System Beta 1: Remote Code Execution via q Parameter Cross-Site Scripting (XSS) Vulnerabilities in DiY-CMS 1.0 CSRF Vulnerability in DiY-CMS 1.0 Allows Remote Authentication Hijacking SQL Injection Vulnerability in DIY-CMS 1.0: Remote Code Execution via modules/poll/index.php SQL Injection Vulnerabilities in Wikidforum 2.10 Advanced Search Arbitrary Script Injection in Elefant CMS 1.2.0 via versions.php Directory Traversal Vulnerability in w-CMS 2.01 getContent Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in w-CMS 2.01 SQL Injection Vulnerability in kommentar.php in pGB 2.12 SQL Injection Vulnerability in members.php in PHPBridges Arbitrary SQL Command Execution in Vastal I-Tech Freelance Zone's show_code.php Arbitrary Web Script Injection in My Calendar Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in ATutor before 2.1 Multiple SQL Injection Vulnerabilities in Marinet CMS Sysax Multi Server 5.52 Stack-Based Buffer Overflow Vulnerability XML External Entity (XXE) Injection Vulnerability in Zend Framework 1.x XML Entity Expansion (XEE) Vulnerability in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 Buffer Overflow Vulnerability in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 Arbitrary Data Retention Policy Creation in Novell Sentinel Log Manager Arbitrary Code Execution and Memory Corruption Vulnerability in DjVuLibre Linux Kernel Heap Memory Disclosure Vulnerability Uninitialized Structures Vulnerability in Linux Kernel Improper String Copying in copy_to_user_auth Function in Linux Kernel Uninitialized Structure Vulnerability in Linux Kernel's dev_ifconf Function Uninitialized Structure Vulnerability in IPVS Control Uninitialized Structure Vulnerability in ccid3_hc_tx_getsockopt Function Uninitialized Pointer Vulnerability in llc_ui_getname Function Uninitialized Structure Member Vulnerability in l2tp_ip6_getname Function Bluetooth Protocol Stack Information Disclosure Vulnerability Bluetooth RFCOMM Implementation Vulnerability in Linux Kernel ATM Implementation in Linux Kernel Prior to 3.6 Allows Unauthorized Access to Kernel Stack Memory Uninitialized Structure Vulnerability in Linux Kernel's __tun_chr_ioctl Function Uninitialized Structure Member Vulnerability in udf_encode_fh Function Uninitialized Structure Member Vulnerability in isofs_export_encode_fh Function Arbitrary Script Injection in ZeroClipboard before 1.1.4 Apache ActiveMQ Default Configuration Denial of Service Vulnerability Unspecified Vulnerability in phpVMS 2.1.x before 2.1.935 Heap-based Buffer Overflow in Resource Hacker 3.6.0.92 via String with Tab or Line Feed Characters Arbitrary PHP Code Execution in activeCollab Chat Module Arbitrary Script Injection in LatestComment Plugin for Vanilla Forums Cross-Site Scripting (XSS) Vulnerabilities in FirstLastNames Plugin 1.1.1 for Vanilla Forums Multiple Cross-Site Scripting (XSS) Vulnerabilities in AboutMe Plugin 1.1.1 for Vanilla Forums Heap-based Buffer Overflow in HeavenTools PE Explorer 1.99 R6: Remote Code Execution Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in FreeNAC 3.02 Arbitrary SQL Command Execution in FreeNAC 3.02 via deviceadd.php Cross-site scripting (XSS) vulnerability in Elgg before 1.8.5 in engine/lib/views.php Arbitrary Account Creation Vulnerability in Elgg Engine Improper Clearing of Cached Access Lists in Elgg before 1.8.5 Arbitrary Web Script Injection in REDCap before 4.14.5 Arbitrary Script Injection via Uppercase Characters in REDCap Labels Arbitrary Web Script Injection in REDCap before 4.14.2 Arbitrary Command Execution in REDCap before 4.14.0 via Custom Rule Logic Buffer Overflow Vulnerability in Huawei UTPS 1.0 Allows Privilege Escalation via Long IDS_PLUGIN_NAME String Remote Code Execution Vulnerability in Huawei AR Routers and S-Series Switches Buffer Overflow Vulnerability in Huawei AR Routers and S-Series Switches Predictable Session ID values in Huawei AR routers and switches Arbitrary Web Script Injection Vulnerability in Inf08 Theme for Drupal Arbitrary Web Script Injection in Apache Solr Autocomplete Module for Drupal Arbitrary Web Script Injection Vulnerability in Fonecta Verify Module for Drupal Arbitrary Script Injection Vulnerability in Exposed Filter Data Module for Drupal Arbitrary Web Script Injection Vulnerability in PRH Search Module for Drupal SQL Injection Vulnerability in TYPO3 Formhandler Extension Vulnerability: Message Spoofing in Best Practical Solutions RT Vulnerability: Remote Configuration of Encryption and Signing in Best Practical Solutions RT Unencrypted Message Spoofing Vulnerability in Best Practical Solutions RT Arbitrary Email Signing Vulnerability in Best Practical Solutions RT Cross-site scripting (XSS) vulnerability in Spambot module for Drupal Arbitrary Code Injection through Image File Name in Imagemenu Module for Drupal Multiple SQL Injection Vulnerabilities in MYRE Realty Manager Arbitrary Web Script Injection in MYRE Realty Manager's search.php Multiple SQL Injection Vulnerabilities in MYRE Vacation Rental Software Arbitrary Web Script Injection Vulnerability in MYRE Vacation Rental Software SQL Injection Vulnerability in links.php in MYRE Business Directory Cross-Site Scripting (XSS) Vulnerability in MYRE Business Directory's search.php Information Disclosure Vulnerability in Palo Alto Networks PAN-OS 4.0.x Arbitrary Command Execution Vulnerability in Palo Alto Networks PAN-OS Arbitrary Command Execution Vulnerability in Palo Alto Networks PAN-OS (Ref ID 31091) Arbitrary Command Execution Vulnerability in Palo Alto Networks PAN-OS (Ref ID 30088) Arbitrary Command Execution Vulnerability in Palo Alto Networks PAN-OS Arbitrary Command Execution Vulnerability in Palo Alto Networks PAN-OS Cleartext LDAP Bind Passwords Stored in Palo Alto Networks PAN-OS Authd.log (Ref ID 35493) Denial of Service Vulnerability in Palo Alto Networks PAN-OS Arbitrary Command Execution Vulnerability in Palo Alto Networks PAN-OS 4.0.x (Ref ID 33080) Arbitrary Command Execution Vulnerability in Palo Alto Networks PAN-OS Arbitrary Command Execution Vulnerability in Palo Alto Networks PAN-OS Arbitrary Code Execution Vulnerability in Palo Alto Networks PAN-OS Arbitrary Command Execution Vulnerability in Palo Alto Networks PAN-OS Authentication Bypass Vulnerability in Palo Alto Networks PAN-OS Arbitrary Code Execution Vulnerability in Palo Alto Networks PAN-OS Arbitrary Code Execution Vulnerability in Palo Alto Networks PAN-OS Unverified X.509 Certificate Vulnerability in Palo Alto Networks GlobalProtect and NetConnect Arbitrary File Overwrite Vulnerability in Augeas Transform_Save Function Arbitrary Web Script Injection in Elastix 2.3.0 XML Services Arbitrary File Read Vulnerability in Polycom HDX Video End Points and UC APL Arbitrary Command Execution Vulnerability in Polycom HDX Video End Points and UC APL Default Blank Administrative Password Vulnerability XML External Entity (XXE) Vulnerability in Apache Solr Persistent Root Access Vulnerability in D-Link DSR-250N Firmware 1.05B73_WW Persistent Root Access Vulnerability in D-Link DSR-250N Devices NULL Pointer Dereference and Crash Vulnerability in FFmpeg's ff_ass_split_override_codes Function Out-of-Bounds Read Vulnerability in FFmpeg's mov_text_decode_frame Function Denial of Service Vulnerability in FFmpeg's prepare_sdp_description Function Denial of Service Vulnerability in FFmpeg's av_probe_input_buffer Function MongoDB Default Configuration Allows Remote Denial of Service and Memory Read Vulnerability Arbitrary Web Script Injection in Horde Kronolith H4 before 3.0.17 Multiple Cross-Site Scripting (XSS) Vulnerabilities in GetSimple CMS Cross-Site Scripting (XSS) Vulnerabilities in ForumPress WP Forum Server Plugin Arbitrary Web Script Injection in ForumPress WP Forum Server Plugin Arbitrary Script Injection in SoundCloud Is Gold WordPress Plugin SQL Injection Vulnerability in ForumPress WP Forum Server Plugin SQL Injection Vulnerability in verify-user.php in b2ePMS 1.0 Arbitrary Web Script Injection Vulnerability in Newsletter Manager Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Newsletter Manager Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerabilities in Newsletter Manager Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Media Library Categories Plugin for WordPress CSRF Vulnerability in Vessio NetBill 1.2 Allows Remote Account Hijacking Cross-Site Scripting (XSS) Vulnerabilities in Vessio NetBill 1.2 Arbitrary Web Script Injection Vulnerability in WordPress Slug Field Sensitive Information Disclosure and Media Attachment Bypass in WordPress before 3.3.3 Unrestricted Excerpt-View Access Vulnerability in WordPress Arbitrary Method Execution in Android WebView Component (CVE-2013-4710) Bypassing Whitelist Protection Mechanism in Apache Cordova and Adobe PhoneGap Denial of Service Vulnerability in Linux Kernel TCP Input Handling Privilege Elevation Vulnerability in Cloud-init: Untrusted EC2 Instance Data Requests Arbitrary Web Script Injection in Horde Internet Mail Program (IMP) Arbitrary Web Script Injection in PrestaShop Socolissimo Module Arbitrary Script Injection in ClipBucket 2.6 via view_channel.php SQL Injection Vulnerabilities in ClipBucket 2.6's update_counter Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in ClipBucket 2.6 Cross-site scripting (XSS) vulnerability in autocomplete functionality in Finder module for Drupal Local Privilege Escalation: Disabling Mac OS X Firewall in F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security NULL pointer dereference vulnerability in futex_wait_requeue_pi function in Linux kernel before 3.5.1 Arbitrary File Deletion Vulnerability in gdm-guest-session Arbitrary PHP Code Execution Vulnerability in WordPress WP GPX Maps Plugin 1.1.21 Arbitrary File Access Vulnerabilities in Vitamin Plugin for WordPress Arbitrary File Inclusion Vulnerability in Page Flip Book Plugin for WordPress Unspecified Vulnerability in All Video Gallery Plugin for WordPress SQL Injection Vulnerabilities in ZPanel 10.0.1 and Earlier Local Privilege Escalation Vulnerability in AccountService 0.6.37 Denial of Service Vulnerability in iconvdata/ibm930.c in GNU C Library (glibc) Denial of Service Vulnerability in Linux Kernel's sock_setsockopt Function Cross-Site Scripting (XSS) Vulnerabilities in SpiceWorks 5.3.75941 Phorum Admin Interface XSS Vulnerability Unspecified Impact and Attack Vectors in GE Healthcare Precision MPi Insecure Pseudo-Random Number Generation in Zope Arbitrary Script Injection via jQuery UI Tooltip Widget Unsecured Configuration of General Electric D20ME Devices Exposes Plaintext Passwords Directory Traversal Vulnerability in phpMoneyBooks 1.0.4 Allows Remote File Read Cross-Site Scripting (XSS) Vulnerability in vBSeo before 3.6.0PL2 via member.php u parameter DragonByte Technologies vBShout Module for vBulletin Cross-Site Scripting (XSS) Vulnerability in vbshout.php Cross-Site Scripting (XSS) Vulnerabilities in DragonByte Technologies vBShout Module Cross-Site Scripting (XSS) Vulnerabilities in DragonByte Technologies vbActivity Module for vBulletin Cross-Site Scripting (XSS) Vulnerabilities in DragonByte Technologies Forumon RPG Module Arbitrary Web Script Injection Vulnerability in DragonByte Technologies vBDownloads Module RedCloth Library 4.2.9 XSS Vulnerability Nokogiri XML Parsing Library Vulnerable to XXE Attacks Denial of Service Vulnerability in FastCGI 2.4.0 Unvalidated dst_pid Field in netlink_sendmsg Function Allows for Netlink Message Spoofing CSRF Vulnerabilities in osCMax Admin Panel Allow SQL Injection Attacks Arbitrary Script Injection in WordPress SEO by Yoast Plugin Default Password Vulnerability in GE Healthcare Centricity PACS 4.0 Server Unspecified Impact and Attack Vectors in GE Healthcare Centricity PACS Workstation and Server Unspecified Impact and Attack Vectors in GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 Unsigned Integer Handling Vulnerability in InspIRCd Debian Version 2.0.7 and Earlier Denial of Service Vulnerability in InspIRCd before 2.0.7 Out-of-Bounds Write Vulnerability in dhcpcd 3.x's decode_search Function Out-of-Bounds Read Vulnerability in dhcpcd 3.x's decode_search Function Memory Leak Vulnerability in dhcpcd 3.x's decode_search Function Integer Overflow in Linux Kernel's fs/aio.c Allows Denial of Service or Other Impact via Large AIO iovec Vulnerability: Exploiting Weak Cryptographic Protection in Expat XML Parser Integer Overflow in ALSA Subsystem Allows Denial of Service or Other Impact Memory Corruption and System Crash Vulnerability in Linux Kernel's sock_setsockopt Function XSS Vulnerability in Jamroom (before 4.2.7) via Status Update Field VMSF_DELTA Memory Corruption Vulnerability in unrar Weak MD5-based Password Hashing Vulnerability in WordPress Cross-site Scripting (XSS) vulnerability in jQuery before 1.9.0 Critical Vulnerability: Missing SSL Certificate Validation in ELinks 0.12 and Twibright Links 2.3 Authentication Bypass Vulnerability in eXtplorer through 2.1.2 Heap-based Buffer Overflow in GNU Bash when Printing Wide Characters Buffer Overflow Vulnerability in Linux Kernel's iwl-agn-sta.c Driver Multiple Cross-Site Scripting (XSS) Vulnerabilities in Job-Manager Plugin for WordPress XSS Vulnerability in Count-per-Day Plugin for WordPress XSS Vulnerability in Formbuilder Plugin for WordPress via Referer Header XSS Vulnerability in Events-Manager Plugin for WordPress (CVE-2021-12345) XSS Vulnerability in Redirection Plugin for WordPress (Version < 2.2.12) XSS Vulnerability in Sharebar Plugin for WordPress (Version < 1.2.2) SQL Injection Vulnerability in Sharebar Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in SocialEngine before 4.2.4 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in SocialEngine Plugins